Containers (lxc) and sandboxing for economy computers

I found information online that argued that sandboxing was better for security isolation than virtualization. What do VMs have that an excellent SELinux labeling policy doesn’t have? What is sandboxing alone not shielding from attackers and probes?

Some virtualization methods are more system resource demanding than others. KVM is “lighter” than bloat Oracle, for example. Containers require even less system memory. I have a computer that can just barely support VirtualBox but probably can support KVM if I get RADs right for the WS.

But this got me thinking about containers. Would a Kicksecure container be any good? What about GW and WS in separate containers? Even more compartmentalization between WS and GW that way?

How important is full kernel abstraction with VMs for secure isolation? What do containers lack? Is there profiling information that is kept confidential through virtualization that may be exposed by sandboxing?

Someone might feel “threatened” by expensive computers, so economy containerization, if possible, might be good to develop. Leads to some interesting questions and learning experiences anyway.

Hmmmm my understanding is sandboxing and virtualization could both be used depending on your hardware specs. For example, a lot of people like to use virtualization because it’s a more user-friendly option, whereas sandboxes require a bit of a learning curve. Most normies would rather just download software for virtualization than learn something like MAC control. Even slightly easier tools like bwrap or firejail aren’t as user-friendly. Remember the vast majority of people aim for usability. On the other hand, sandboxes can be run on hardware that doesn’t have the power to run virtual machines. I would think it also depends on what you’re running inside a VM. Containers are probably no worse than someone running stock operating systems inside a virtual machine. If your hardware has the power to virtualize, you might as well run something like Qubes or Whonix in my opinion, because they provide more security outside of just virtualization. Someone else might be able to give a better, more detailed answer. But it seems to me anyway that both could work. The one hiccup being giving people a container that implements extreme usability and user-friendliness that could be an alternative to virtualization.