Examples of successful patterns:
-
Privileged user calling ccon:
-
Unprivileged user calling ccon:
- Launch a container process that pivots to a local root.
- Bind to a low numbered port in a new network namespace (via a new user namespace).
- Launch a container process in a new freezer cgroup, removing that cgroup on exit.
- Launch a container from an OCI bundle