Just one question about isolation of Clear Container.
As we known, Clear Container use vm to provides underlying process
isolation, it indeed makes container be more secure, but I'm thinking if
this is enough for multi-tenant env, for example, image management, if
client A pulls a image, then client B may see the image, actually this is
not allowed in multi-tenant environment.
I also have some concerns about the isolation of network and storage.
So maybe what I'm looking for is an end to end isolation solution to use
clear container in multi-tenant environment, includes the isolation of
network, storage, image and process. :)