blob: 7469c71be8ef9cac63cc3298be7a770d1e91b57d (plain
Subuser turns a docker container into a normal program. This program, however,
runs with restricted privileges. It can only access the directory from which it was
called, not the user's entire home directory. Each subuser is assigned a
specific set of permissions.