just before I saw this thread here) I posted a different issue raising the question of whether CoreOS's rkt is not, by design, the 'safer' container runtime.
I have much less understanding of the details than all the other posters in this issue, but I understand that 'being root' inside a container is something 'they' just don't do. So if this were true (which I guess could cause a passionate argument), rkt would be preferable to Docker from a security perspective.
Naturally I am willing and happy to hear other opinions on this.