This is an interesting idea, but if you're shipping all the container code and the image inside the binary, I'm not sure how much you gain over just shipping a precompiled binary of redis itself. At best, you're baking in the config you want, but with the work being done here you could just patch in your desired config options into the redis binary.<p>libcontainer explicitly doesn't claim security as a feature, so you aren't getting real security wins by doing this, especially when you can put a static redis process in cgroups and limit it down with SELinux or similar anyways, and the packaging/distribution workflow is pretty much the same as pushing a static redis around.<p>I feel like I'm missing something; can the author or some other knowledgable soul point out the upsides of packaging a service like this?