This set of patches implements <hostdev caps=net> interface isolation in containers, thus allowing an interface NIC to be assigned exclusively to a container-domain. This is done like moving veth devices in container namespaces, only this time it is actual host devices.