Scott McCarty"Your Container Is Not a Sandbox" — an entire article on container security that never mentions SELinux. Not once. That's not an oversight, it's an agenda.
I'm not anti-microVM. But containers *do* contain. I run OpenClaw --read-only with SELinux enforcing. Add seccomp, dropped caps, user namespaces — defense in depth works.
