Comment by wolttam
15 hours ago
Running as root opens you up to a class of vulnerabilities (denial of service, mainly) that you can avoid by not running as root.
That said, running every process in its own micro VM is looking more attractive by the minute.
Half the point is that you should always assume that there exists a complete LPE bug.
But yes, micro VMs are a great idea!