Updated user-guide to highlight sysbox-ee features.

Author: ctalledo

docs/quickstart/kind.md

@@ -30,7 +30,7 @@ There are currently two ways you can deploy the cluster:
 
 The sections below show examples of this.
 
-#### -------- Sysbox-EE Feature Highlight --------
+#### **-------- Sysbox-EE Feature Highlight --------**
 
  Sysbox-EE contains optimizations that enable deployment of K8s-in-Docker very efficiently.
 
@@ -41,7 +41,7 @@ The sections below show examples of this.
 | Host storage overhead |   10 GB  |     1 GB    |
 | Cluster creation time |   2 min  |    2 min    |
 
-#### ----------------------------------------------------------
+#### **----------------------------------------------------------**
 
 ## Using Docker to Deploy a K8s Cluster
 
@@ -270,12 +270,12 @@ $ docker exec k8s-master cat /proc/self/uid_map
 This means that the root user in the container is mapped to unprivileged host
 user-ID 165536.
 
-#### -------- Sysbox-EE Feature Highlight --------
+#### **-------- Sysbox-EE Feature Highlight --------**
 
 Sysbox-EE assigns each container an exclusive range of Linux user-namespace user-ID mappings
 in order to improve cross-container isolation.
 
-#### ----------------------------------------------------------
+#### **----------------------------------------------------------**
 
 11) After you are done, bring down the cluster:
 

docs/quickstart/security.md

@@ -62,7 +62,7 @@ the user and cgroup namespaces. It has no namespaces in common with
 the host, which gives it stronger isolation compared to regular Docker
 containers.
 
-#### -------- Sysbox-EE Feature Highlight --------
+#### **-------- Sysbox-EE Feature Highlight --------**
 
 In addition, Sysbox-EE assigns each system container exclusive
 user-ID and group-ID mappings for each system container. This further
@@ -99,7 +99,7 @@ this new system container. This provides isolation from the host as
 well as from other system containers. More info on this can be found
 in the [Sysbox User Guide](../user-guide/security.md#user-namespace-id-mapping).
 
-#### ----------------------------------------------------------
+#### **----------------------------------------------------------**
 
 Now, let's check the capabilities of a process created by the root user inside
 the system container:

docs/user-guide/README.md

@@ -1,6 +1,6 @@
-# Sysbox User Guide
+# Sysbox-EE User Guide
 
-This document describes Sysbox's features, usage, configuration, and
+This document describes Sysbox-EE's features, usage, configuration, and
 limitations.
 
 This document complements the [Sysbox Quick Start Guide](../quickstart/README.md).

docs/user-guide/concepts.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: Concepts & Terminology
+# Sysbox-EE User Guide: Concepts & Terminology
 
 These document describes concepts and terminology used by the Sysbox container
 runtime. We use these throughout our documents.
@@ -27,11 +27,10 @@ the container runtime is typically a container manager
 
 ## Container Manager
 
-The container manager manages the container's lifecycle, from image
-transfer and storage to container execution (by interacting with the container
-runtime).
+The container manager manages the container's lifecycle, from image transfer and
+storage to container execution (by interacting with the container runtime).
 
-Examples are Docker, containerd, cri-o, etc.
+Examples are Docker, containerd, etc.
 
 The [OCI runtime spec](https://github.com/opencontainers/runtime-spec) describes
 the interface between the container manager and the container

docs/user-guide/configuration.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: Configuration
+# Sysbox-EE User Guide: Configuration
 
 This document describes Sysbox configuration.
 

docs/user-guide/deploy.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: Container Deployment
+# Sysbox-EE User Guide: Container Deployment
 
 ## Contents
 
@@ -89,7 +89,7 @@ A couple of tips:
 
 ### Using Other Container Managers
 
-We officially only support the above methods to run Sysbox.
+We currently only support the above methods to run Sysbox.
 
 However, we plan to add support for other OCI-compatible [container managers](concepts.md#container-manager) soon
 (e.g., [cri-o](https://cri-o.io/)).

docs/user-guide/design.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: Design Notes
+# Sysbox-EE User Guide: Design Notes
 
 This document briefly describes some aspects of Sysbox's design.
 
@@ -31,18 +31,17 @@ mounts inside the system container. It's purpose is to make the system container
 closely resemble a virtual host while ensuring proper isolation from the rest of
 the system.
 
-sysbox-mgr is a daemon that provides services to sysbox-runc and
-sysbox-fs. For example, it manages assignment of exclusive user
-namespace user-ID and group-ID mappings to system containers, manages
-some special mounts that Sysbox adds to system containers, etc.
+sysbox-mgr is a daemon that provides services to sysbox-runc and sysbox-fs. For
+example, it manages assignment user-ID and group-ID mappings to system
+containers, manages some special mounts that Sysbox adds to system containers,
+etc.
 
-Together, sysbox-fs and sysbox-mgr are the "back-ends" for
-sysbox. Communication between the sysbox components is done via
-gRPC.
+Together, sysbox-fs and sysbox-mgr are the "back-ends" for sysbox. Communication
+between the sysbox components is done via gRPC.
 
-Users don't normally interact with the Sysbox components directly.
-Instead, they use higher level apps (e.g., Docker) that interact with
-Sysbox to deploy system containers.
+Users don't normally interact with the Sysbox components directly.  Instead,
+they use higher level apps (e.g., Docker) that interact with Sysbox to deploy
+system containers.
 
 ## Ubuntu Shiftfs Module
 
@@ -106,11 +105,11 @@ For example, an attacker running inside the system container can
 create set-user-ID-root executables which can then be executed by
 non-root users on the host to gain root privileges.
 
-Note that this vulnerability is not specific to Nestybox system
-containers or shiftfs; the same attack is possible with regular Docker
-containers because in those the root user in the container is in fact
-the root user on the host, so files written by the root user in the
-container have `root:root` ownership on the host.
+Note that this vulnerability is not specific to system containers or shiftfs;
+the same attack is possible with regular Docker containers because in those the
+root user in the container is in fact the root user on the host, so files
+written by the root user in the container have `root:root` ownership on the
+host.
 
 To reduce the attack surface, the following security precautions are
 recommended:
@@ -188,9 +187,9 @@ Kubernetes and containerd work properly inside the system container.
 Sysbox is a fork of the [OCI runc](https://github.com/opencontainers/runc). It is mostly
 (but not 100%) compatible with the OCI runtime specification.
 
-The incompatibilities arise from Nestybox's desire to make deployment
-of system containers possible with Docker (to save users the trouble
-of having to learn yet another tool).
+The incompatibilities arise from our desire to make deployment of system
+containers possible with Docker (to save users the trouble of having to learn
+yet another tool).
 
 We believe these incompatibilities won't negatively affect users of
 Sysbox and should mostly be transparent to them.

docs/user-guide/dind.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: Docker-in Docker
+# Sysbox-EE User Guide: Docker-in Docker
 
 ## Contents
 
@@ -24,10 +24,6 @@ the Docker on the host.
 
 This is useful for Docker sandboxing, testing, and CI/CD use cases.
 
-Moreover, it's fast and very efficient: the inner Docker uses its fast overlay2
-storage driver, and Sysbox has a [feature](images.md#inner-docker-image-sharing)
-that significantly reduces the storage overhead of the inner containers.
-
 ## Installing Docker inside the Container
 
 The easiest way is to use a system container image that has Docker preinstalled

docs/user-guide/images.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: System Container Images
+# Sysbox-EE User Guide: System Container Images
 
 ## Contents
 
@@ -35,8 +35,7 @@ how to do this.
 The [Nestybox Dockerhub repo](https://hub.docker.com/u/nestybox) has several images that
 we provide as reference for users.
 
-We often use these in the examples we provide in this User-Guide, [Quickstart guide](../quickstart/README.md), and
-Blog (<https://blog.nestybox.com>).
+We often use these in the examples we provide in this User-Guide and [Quickstart guide](../quickstart/README.md).
 
 The Dockerfiles are [here](../../dockerfiles). Feel free to copy them and adapt them to
 your needs.
@@ -59,14 +58,14 @@ This has several benefits:
 
 -   Improves efficiency:
 
-    -   Sysbox has a [feature](#inner-docker-image-sharing) that maximizes sharing
+    -   Sysbox-EE has a [feature](#inner-docker-image-sharing) that maximizes sharing
         of preloaded inner container images across system containers. This
         **significantly** reduces the storage overhead on the host.
 
 -   Ease of use:
 
     -   It's easier to deploy a system container that comes preloaded with your choice
-        of inner containers, than to pull those inner containers into system container
+        of inner containers than to pull those inner containers into system container
         at runtime.
 
 -   Air-gapped environments:
@@ -98,10 +97,9 @@ This process also works if the system container image has containerd inside
 (rather than Docker). In this case, the Dockerfile must request containerd
 to pull the inner images.
 
-Nestybox uses this feature often. For example, the
-[Dockerfile](../../dockerfiles/k8s-node) for our `nestybox/k8s-node` image (used
-for running Kubernetes-in-Docker) preloads the Kubernetes pod images using this
-same approach.
+We use this feature often. For example, the [Dockerfile](../../dockerfiles/k8s-node)
+for the `k8s-node` image (used for running Kubernetes-in-Docker) preloads the Kubernetes pod images using
+this same approach.
 
 ## Preloading Inner Container Images with Docker Commit
 
@@ -124,6 +122,8 @@ This approach is helpful as a way of saving work or exporting a working system
 container for deployment in another machine (i.e., commit the system container
 image, docker push to a repo, and docker pull from another machine).
 
+#### **-------- Sysbox-EE Feature Highlight --------**
+
 ## Inner Docker Image Sharing
 
 One of the side-effects of preloading inner container images is that the system
@@ -234,3 +234,5 @@ sysbox-mgr.
 
 See the [User Guide Configuration doc](configuration.md) for further info
 on how to do this.
+
+#### **----------------------------------------------------------**

docs/user-guide/install.md

@@ -1,4 +1,4 @@
-# Sysbox User Guide: Installation
+# Sysbox-EE User Guide: Installation
 
 ## Contents