Unix permissions were written at a time where the (multi user) system was protecting itself from the user. Every program ran at the same privileges of the user, because it wasn't a security consideration that maybe the program doesn't do what the user thinks it does. That's why in the list of classic Unix tools there is nothing to sandbox programs or anything like that, it was a non issue

And today this is.. not sufficient. What we require today is to run software protected from each other. For quite some time I tried to use Unix permissions for this (one user per application I run), but it's totally unworkable. You need a capabilities model, not an user permission model

Anyway I already linked this elsewhere in this thread but in this comment it's a better fit https://xkcd.com/1200/

This assumes people know more than just writing Dockerfiles and push straight to production. This is still a rarity.

Linux kernel is ridden with local privilege escalation vulnerabilities. This approach works for trusted software that you just want to contain, but it won't work for malicious software.

Because that is actually UNIX user permissions/groups, with a long history of what works, and what doesn't?

Agreed! systemd nspawn is actually pretty awesome, though not many people use it.

cgroups are part of whats used to implement docker and podman