No, this is
- buying a surface from Microsoft
- immediately wiping it and installing Linux
- Microsoft then forcing you to authenticate using the device that is only tied to your account via purchase, and NOT login records, AND disabling other forms of auth
It means that if someone breaks out of your container, they can only do things that user can do.
Can that user access your private documents (are these documents in a container that also runs under that user)?
Can that user sudo?
Can that user access SSH keys and jump to other computers?
Generally speaking, the answer to all of these should be “no”, meaning that each group of containers (or risk levels etc) get their own account.