Hi,
I am running an Ubuntu Core 22 device with the image provided on your homepage. I noticed that when running a container in your docker or microk8s snap (strict), I am able to mount “/” into the container and also write to “non-read-only” directories.
Is this behavior intended, and what is the actual benefit of running the microk8s snap in strict mode if a container is allowed to access the “/” filesystem of the device?
Can I make microk8s safe in such a way that the snap confinement is also effective on containers running in these container runtimes?
Thanks.