Virtualisation and Containerisation BoF

* Not much interesting virtualisation?

* It's all about containers
  * Inspection and inventory of container images
  * Notary project starting to implement container signing for security
  * What's the status of running systemd inside a container?
  * More containerd integration with Debian?
  * systemd generally has more security-related knobs than Docker
  * Sandstorm sandbox for running web applications in isolation
    * disabling/restricting access to syscalls in this setup?
  * Must provide the ability to step outside Docker and access the underlying
    container things
  * Add systemd containerisation features for all daemons to roadmap?
  * Lots of overlap between security policy tools such as AppArmor and
    SELinux and containerisation/sandboxing
   
  * Haskell has tools to schedule NMUs for when dependent packages have been
    updated.