“A vulnerability in container operations has been brought to light by Docker and other parties and illustrates why lack of multiple years of experience with containers makes some implementers cautious. A command to execute the RunC part of the Linux kernel under rare but exploitable circumstances can result in a container process getting a chance to inspect file descriptors on the host.”