If you run _same_ application in container with 20MB of files and in container with 2000MB of files, how it can affect attack surface at all? Bytes on disk are just data.
Moreover, if I use standard RPM package to run service using non-root user in limited environment using Systemd, then it will be much less riskier than running same service in container using root user, by order of magnitude less safer.
Container are not solution to problems with security. Much often they are huge security hole.
Moreover, if I use standard RPM package to run service using non-root user in limited environment using Systemd, then it will be much less riskier than running same service in container using root user, by order of magnitude less safer.
Container are not solution to problems with security. Much often they are huge security hole.