Comment by simonw

2 months ago

The biggest one is I don't want someone submitting malicious (or just poorly designed) code that crashes my server - hence the focus on memory and CPU limits.

I also need to limit filesystem access - don't want them stealing private files from elsewhere on the system, or filling the disk with garbage data (again causing a crash).

Network access restrictions are important too - I don't want my server becoming part of some DDoS attack, or an attacker using it to hit supposedly safe internal endpoints (SSRF).
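The memory, CPU and disk-fill concerns in the comment above map directly onto kernel resource limits. This added example (not simonw's code or any project's) runs a constructed submission in a child interpreter under `RLIMIT_CPU`, `RLIMIT_AS` and `RLIMIT_FSIZE` and classifies the outcome; it assumes Linux, the Python `resource` module, and the three sample snippets defined inline.

```python
import resource
import subprocess
import sys

# Constructed sample submissions (not from the thread): a CPU spinner,
# a memory hog, and a benign one.
CPU_HOG = "while True:\n    pass\n"
MEM_HOG = "buf = bytearray(1024 * 1024 * 1024)\nprint(len(buf))\n"
BENIGN = "print(sum(range(10)))\n"


def make_limiter(cpu_seconds, mem_bytes, file_bytes):
    """Return a function run in the child just before exec() that installs
    kernel-enforced limits. Only the child is constrained, not the server."""
    def apply_limits():
        # Soft limit triggers SIGXCPU (fatal by default); hard limit is SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        # Address-space cap: allocations past it fail, surfacing as MemoryError.
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
        # Cap on any single file the child writes, so it cannot fill the disk.
        resource.setrlimit(resource.RLIMIT_FSIZE, (file_bytes, file_bytes))
    return apply_limits


def run_untrusted(code, cpu_seconds=1, mem_bytes=512 * 1024 * 1024,
                  file_bytes=1024 * 1024, wall_seconds=10):
    """Run `code` in a fresh isolated interpreter (-I) under the limits above
    and report what happened as a small dict."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", code],
            capture_output=True, text=True, timeout=wall_seconds,
            preexec_fn=make_limiter(cpu_seconds, mem_bytes, file_bytes),
        )
    except subprocess.TimeoutExpired:
        # Wall-clock backstop for code that sleeps or blocks instead of spinning.
        return {"status": "wall_timeout", "stdout": "", "stderr": ""}
    if proc.returncode < 0:
        status = "killed"    # terminated by a signal such as SIGXCPU
    elif proc.returncode == 0:
        status = "ok"
    else:
        status = "error"     # e.g. MemoryError raised inside the child
    return {"status": status, "stdout": proc.stdout.strip(),
            "stderr": proc.stderr.strip()}


if __name__ == "__main__":
    for name, src in [("benign", BENIGN), ("cpu_hog", CPU_HOG), ("mem_hog", MEM_HOG)]:
        print(name, run_untrusted(src)["status"])
```

These rlimits address only the crash and disk-fill risks; keeping the child away from private files and off the network (the SSRF/DDoS points) needs separate controls such as a restricted user, mount or network namespaces, or seccomp, which this example does not set up.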