I would like to have thoughts and views for the use case below:
Use containers to run un-trusted and highly suspicious software/malware, similar to sandbox. For example run browser in container and access the suspicious sites in browser and then blow up the container on user exit. So kind of new browser in container for each session.
What additional security practices recommend.
Google has a project (https://github.com/google/gvisor).
Similarly, I have seen few posts here and there regarding hardened Kernal when running containers.
Wondering, about security of Lxc/d in above use case and is there any best practices, hardened kernal or other options advised and available.