MSNOEXECno other application is allowed to run inside this system
MS_NOSUIDnot allowed to do
MS_NODEVthis is a default parameter set for linux
- what is the point, this is like run the command inside the system ?
- the first process inside the container, which PID = 1 is the process init