The first point seems just wrong. An executable bit of code vs. an executable bit of code with other bits of code next to it doesn't change the security of the overall security tooling.<p>And you can have a container with only one file, the executable, in Docker/Podman easily: <a href="https://docs.docker.com/build/building/base-images/#create-a-minimal-base-image-using-scratch" rel="nofollow">https://docs.docker.com/build/building/base-images/#create-a...</a><p>So this feels double wrong already.<p>- - -<p>No citations for the majority of it either.
If you want something closer to Docker functionality, take a look at <a href="https://github.com/bsdpot/pot">https://github.com/bsdpot/pot</a>