Everyone sane runs sensitive systems "system high" now, where there's a machine dedicated per task. User/process/thread security in UNIX/POSIX/etc. is bullshit weak sauce, sadly.
You can use VMs for some of that, but that's the limit on sharing (and that's if you trust your hypervisor to be a separation kernel thing; reasonable for many people. Not for others.) Docker/containers aren't enough. Users aren't enough. Processes aren't enough.