LXC subgid subuid

Using subgid & subuid for id remapping is good for security. The idea behind it is an attacker can’t do harmful stuff if he manages to get out of the container, right?

But how about doing harmful things to other containers which are mapped to the same ID range?

Here is an example where the containers are mapped in different ranges:

Should this be done to maximize security or is it unnecessary?

Different idmaps per container is a thing, and it’s a feature available in Incus as an option.
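
An added example, not part of the thread: a Python check that parses `lxc.idmap` lines from several container configs and reports host UID/GID ranges that more than one container is mapped onto, which is the situation the question asks about. The container names and config contents are constructed sample data, and the function names are hypothetical.

```python
import re
from itertools import combinations

# Matches LXC config lines such as: lxc.idmap = u 0 100000 65536
# Fields: kind (u, g, or b for both), container start, host start, count.
IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*=\s*([ugb])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_idmaps(config_text):
    """Return [(kind, host_start, host_end_exclusive)] for each lxc.idmap line."""
    ranges = []
    for line in config_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue  # comments and unrelated keys are skipped
        kind = m.group(1)
        host_start, count = int(m.group(3)), int(m.group(4))
        # "b" maps both uid and gid, so record one entry of each kind
        for k in (("u", "g") if kind == "b" else (kind,)):
            ranges.append((k, host_start, host_start + count))
    return ranges


def find_overlaps(configs):
    """configs: {container_name: config_text}.
    Return [(name_a, name_b, kind, overlap_start, overlap_end_exclusive)]."""
    parsed = {name: parse_idmaps(text) for name, text in configs.items()}
    hits = []
    for a, b in combinations(sorted(parsed), 2):
        for kind_a, s_a, e_a in parsed[a]:
            for kind_b, s_b, e_b in parsed[b]:
                lo, hi = max(s_a, s_b), min(e_a, e_b)
                if kind_a == kind_b and lo < hi:
                    hits.append((a, b, kind_a, lo, hi))
    return hits


# Constructed sample configs: "web" and "db" share one host range,
# "build" has a range of its own directly above it.
SAMPLE = {
    "web": "lxc.idmap = u 0 100000 65536\nlxc.idmap = g 0 100000 65536\n",
    "db": "lxc.idmap = u 0 100000 65536\nlxc.idmap = g 0 100000 65536\n",
    "build": "# isolated range\nlxc.idmap = b 0 165536 65536\n",
}

if __name__ == "__main__":
    for a, b, kind, lo, hi in find_overlaps(SAMPLE):
        print(f"{a} and {b} share host {kind}ids {lo}-{hi - 1}")
```
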