Neither are most unikernels. The weak points are especially file system and network handling.
Generally, the security of VMs is enforced by hardware and improved by a limited attack surface - few drivers to audit, limited communication APIs.
You can do the same with a general-purpose OS by cutting options.
I'm not talking about unikernels. I'm talking about the VMs that isolate them from each other. The VM isolation mechanism is considered secure enough to isolate malicious users, while the container isolation mechanism isn't (at least Linux-based containers).