I would never touch that stuff with a ten-foot pole, on the other hand Docker looks alluring to me for its simplicity. Maybe I'm mistaken but this would probably have contributed to its widespread adoption.
I want my complexity to be related to transferable skills. So if docker just said "You can expose a syslog daemon here" I could just use my knowledge of syslog and be done. Instead I need to figure out how to force a daemon to send its logs to pid 1's stdout, and then use a syslog tool to send that to syslog.
In general - if I need to communicate via a standard protocol, good. If need to communicate via an OS feature, that's ok. If I need to communicate via an external tool, that's questionable. If I need to communicate via some weird bullshit inside that app, that's intolerable.
When I search "send logs to central repo on host docker" as a good string - this IS the way people are doing it. It looks like people are either not caching logs on non-volatile local storage, or doing a dumb hack.
And seemingly this is just the expected workflow - which terrifies my security brain.
In #Fate core I am building a game where all stunts are tied to aspects, and more aspects gives you more stunts. Should multi-session consequences give you more stunts? It feels cool - but also more work?
Basically - stunts are supposed to be tools*to allow you to reaffirm your essential self in this contexts, and making your Broken Arm part of that feels cool.