Quoting https://access.redhat.com/articles/881893#createimage:
“For the current Red Hat Docker release, the default RHEL 7 Docker
image you pull from Red Hat will be able to draw on RHEL 7
entitlements available from the host system. So, as long as your
Docker host is properly subscribed and the repositories are enabled
that you need to get the software you want in your container (and have
Internet access from your Docker host), you should be able to install
packages from RHEL 7 software repositories.”
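My concern is that the mechanism by which this is achieved is rather opaque. For example, when starting a new container from the rhel7.1 image, you can run yum install foo without even configuring the http proxy environment variables. Without understanding this mechanism, system administrators may be subject to unknown interactions between the host system, the Docker daemon, and running containers. It also suggests that the normal isolation between host and container is compromised to some extent (albeit benignly).
To put this as a question: how is this subscription support implemented, and does it depend on a custom build of the Docker daemon provided by Red Hat through the Subscription Network?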
Solution
You can see a better description of the patch, and a link to the upstream PR, in the projectatomic/docker repo:
https://github.com/projectatomic/docker/tree/docker-1.13.1-rhel#add-rhel-super-secrets-patchpatch
Note that you need to select one of the branches (the link goes to the 'docker-1.3.1-rhel' branch) to see the information for all of the carried patches.