Traffic handling for containers in a virtualized computing environment
US-2017353433-A1 · Dec 7, 2017 · US
US10104185B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10104185-B1 |
| Application number | US-201514822453-A |
| Country | US |
| Kind code | B1 |
| Filing date | Aug 10, 2015 |
| Priority date | Aug 10, 2015 |
| Publication date | Oct 16, 2018 |
| Grant date | Oct 16, 2018 |
Official abstract text for this publication.
A non-transitory computer-readable storage device stores instructions that, when executed on a computing system, cause the computing system to receive a request for creating a new software container and determine that characteristics of the new software container match a co-tenant policy of an existing software container on a server. The instructions further cause the computing system to determine that characteristics of the existing software container match a co-tenant policy of the new software container as well as cause the new software container to be created on the server.
Opening claim text (preview).
What is claimed is:
1. A non-transitory computer-readable storage device storing instructions that, when executed on a computing system, cause the computing system to: determine that characteristics of a new software container match a cotenant policy of an existing software container on a container instance, the cotenant policy of the existing software container created by an entity that created the existing software container; determine that characteristics of the existing software container match a cotenant policy of the new software container, the cotenant policy of the new software container created by an entity that created the new software container; and cause the new software container to be created on the container instance; wherein each software container comprises a program, data, and a system library and wherein each software container has its own namespace; and wherein each cotenant policy for a software container includes a restriction as to other software containers that can execute in the same container instance.
2. The non-transitory computer-readable storage device of claim 1 wherein the instructions, when executed, cause the computing system to determine that the characteristics of the new software container match a separate cotenant policy of each of a plurality of existing software containers on the container instance.
3. The non-transitory computer-readable storage device of claim 1 wherein each cotenant policy includes a cotenant requirement which specifies a characteristic of another software container candidate for creation on the container instance.
4. The non-transitory computer-readable storage device of claim 1 wherein at least one cotenant policy includes a trust score which other candidate software containers must meet in order to be created on the container instance.
5. A system, comprising: one or more processors; and storage containing instructions that, when executed, cause the one or more processors to: compare characteristics of a software container to a cotenant policy that includes a restriction as to characteristics of software containers that can run in a container instance; determine whether launching a software container in the container instance would violate the cotenant policy; and for no violation of the cotenant policy, cause the software container to be launched in the container instance; wherein each cotenant policy for a software container includes a restriction as to other software containers that can execute in the same container instance; and wherein each software container comprises a program, data, and a system library and wherein each software container has its own namespace.
6. The system of claim 5 wherein the instructions, when executed, cause the one or more processors to receive a request to create a new software container, and wherein the cotenant policy is a cotenant policy of the new software container, and wherein the software container characteristics include characteristics of a software container that is already running in the container instance.
7. The system of claim 5 wherein the instructions, when executed, cause the one or more processors to receive a request to create a new software container, and wherein the software container characteristics include characteristics of the new software container, and wherein the cotenant policy is a cotenant policy for a software container that is already running in the container instance.
8. The system of claim 5 wherein the instructions, when executed, cause the one or more processors to: while the container instance runs the software container, compare the cotenant policy to the software container characteristics; reassess whether continued running of the software container in the container instance violates the cotenant policy; and for a cotenant policy violation, migrate the software container to another container instance.
9. The system of claim 5 wherein the instructions, when executed, cause the one or more processors to: receive a request to create the software container; and select the container instance on which to launch the software container based on no violation of the cotenant policy and based on a software container image type included in the request.
10. The system of claim 5 wherein the restriction in the cotenant policy includes at least one of: a software container image type; a security type; cotenant traffic; and a geographical location.
11. The system of claim 5 wherein the instructions, when executed, cause the one or more processors to: compute a separate trust score for each of a plurality of software containers, each trust score computed based on a plurality of features of the corresponding software container, and select the container instance in which to launch the software container based on no violation of the cotenant policy, wherein the cotenant policy specifies a threshold trust score.
12. The system of claim 11 wherein the instructions, when executed, cause the one or more processors to: receive a change to an existing cotenant policy to produce a changed cotenant policy; determine whether the changed cotenant policy is in violation; and migrate a software container from the container instance to a different container instance.
13. The system of claim 5 wherein the instructions, when executed, cause the one or more processors to: determine whether launching the software container would violate a security parameter despite the cotenant policy; and for no violation of the cotenant policy but a positive determination that the software container would violate the security parameter, launching the software container in its own container instance.
14. A computer-implemented method, comprising: receiving a request for creation of a new software container; determining a candidate set of container instances on which to launch the new software container; for an existing software container already running in a container instance, comparing a cotenant policy of the existing software container to characteristics of the new software container, the cotenant policy of the existing software container created by an entity that created the existing software container; and upon determining that launching the new software container complies with the existing software container's cotenant policy, launching the new software container in the same container instance in which the existing software container is running; wherein each cotenant policy for a software container includes a restriction as to other software containers that can execute in the same container instance; and wherein each software container comprises a program, data, and a system library and wherein each software container has its own namespace.
15. The method of claim 14 further comprising comparing a cotenant policy of the new software container to characteristics of the existing software container.
16. The method of claim 15 further wherein launching the new software container comprises launching the new software container in the same container instance in which the existing software container is running upon determining that launching the new software container complies both with the cotenant policy of the new software container and the cotenant policy of the existing software container.
17. The method of claim 14 further comprising: computing a trust score for the new software container before it is launched in the same container instance that hosts the existing software container; wherein the cotenant policy includes a trus
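The placement rule the claims describe, as an added Python example (not code from the patent or any assignee's implementation): a new container is co-located only when every existing tenant's cotenant policy permits it and its own policy permits every tenant, with a threshold trust score, a security-parameter override that forces a fresh instance, and a re-assessment that flags tenants for migration after a policy change. The Container fields, the CotenantPolicy fields and the sample instances are assumptions made for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Container:
    name: str
    image_type: str      # e.g. "web", "batch"
    security_type: str   # e.g. "pci", "public"
    location: str        # e.g. "us-east"
    trust_score: int     # 0-100; assumed computed elsewhere from container features

@dataclass(frozen=True)
class CotenantPolicy:
    """Restrictions a container's creator places on what may share its instance."""
    allowed_image_types: frozenset = frozenset()   # empty means any image type
    denied_security_types: frozenset = frozenset()
    required_location: str = ""                     # empty means any location
    min_trust_score: int = 0                        # threshold trust score (claim 4)

    def permits(self, other: Container) -> bool:
        if self.allowed_image_types and other.image_type not in self.allowed_image_types:
            return False
        if other.security_type in self.denied_security_types:
            return False
        if self.required_location and other.location != self.required_location:
            return False
        return other.trust_score >= self.min_trust_score

def can_colocate(new, new_policy, tenants):
    """Mutual check (claims 1, 16): each tenant permits new, and new permits each tenant."""
    return all(pol.permits(new) and new_policy.permits(ex) for ex, pol in tenants)

def select_instance(new, new_policy, instances, isolate=False):
    """First instance passing the mutual check; None = fresh instance (forced by isolate, claim 13)."""
    if not isolate:
        for name, tenants in instances.items():
            if can_colocate(new, new_policy, tenants):
                return name
    return None

def reassess(instances):
    """After a policy change, names of tenants whose pairing now violates a policy (claims 8, 12)."""
    bad = []
    for tenants in instances.values():
        for cont, pol in tenants:
            if not can_colocate(cont, pol, [t for t in tenants if t[0] is not cont]):
                bad.append(cont.name)
    return bad

# Constructed sample: a PCI payment service that only tolerates trusted, non-public cotenants.
PAY = Container("pay-api", "web", "pci", "us-east", 90)
PAY_POLICY = CotenantPolicy(denied_security_types=frozenset({"public"}), min_trust_score=70)
INSTANCES = {"inst-1": [(PAY, PAY_POLICY)], "inst-2": []}
```

An empty instance always passes the mutual check, so a container refused by every tenant lands on a fresh instance rather than being rejected outright.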
by program, e.g. task dispatcher, supervisor, operating system · CPC title
Multiple levels of security · CPC title
Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes · CPC title
Interprogram communication · CPC title
Electricity · mapped topic