> Is this important if, say, a malicious user has access to a container? > Or, can a container be configured such that they could do little harm? You can easily make a container have its own filesystem and no access to the host's filesystem or devices. Is that what you are getting at? John