And there's more: the generator also binds sshd to two AF_UNIX sockets for good measure given we are already at it and it's easy. One is a socket in /run/host/ if that exists and is a mount point — which is a scheme defined for full-OS containers: the idea ist that the container manager makes that dir also available on the host, so that you can connect from the host to the container via ssh-over-AF_UNIX without bothering with network config and setup.