@mk @theorytoe @dcc @bonifartius no, containers add some security, cause with shit like honeygain putting your account password in command line it is better not to see all process list, and better not to see whole os filesystem in case some confidential file is left world readable. but you don't need docker for this, you can containerize services with systemd-nspawn, or use lxc. lxd out of the box is already more secure than docker, it uses subuid. docker is focused on functionality so it sacrifies some security for privileged features like host networking.