Needs [2021] in title.

Also: "mount the native /usr (or a restricted set of core libraries from /usr) read-only into each container"? Looks like author is always on bleeding edge and does not use LTS releases. That's not very representative - I am at the third company which uses Linux on developers' desktops now and I cannot imagine living on a rolling release system. Not mandating major upgrades multiple times per year is critical if you want Linux to be actually usable by non-Linux experts.