Comment 3 for bug 1901619

Jeff Albert (jralbert) wrote :

Hi Dmitriy,
The LXC containers that OSA creates are fairly "thick" containers, in that they include many of the components of a full Linux installation, including their own systemd stack, their own SSH daemons, etc. In my view that attack surface should certainly be minimized, even if the intention is that these containers aren't directly accessible, as a matter of defense in depth. Especially given the easy accessibility of the ansible_hardening role, it just makes sense to apply it by default to the containers, I would think.