
Why isn't LXC Usermapping on Unprivileged CTs a security issue | Trying to understand

2 July 2024 at 14:26

So I am currently learning how LXCs work, and one of the things I don't really understand is how it isn't a security issue that multiple LXCs are mapped to the same host users.

From my understanding, a user inside an unprivileged container gets mapped to its container user ID +100000 on the host, so user 1000 inside the LXC is going to be user 101000 on the host.
Doesn't that also mean that if I have multiple LXCs that all have the inside user of 1000, they all get mapped to the same user (101000) on the host?

Doesn't that mean that if there is a container breakout on one of the containers, all other containers that have a user with the same ID could be accessed too (and all the resources they have access to)?

Thanks & sorry if this is a dumb question, but I couldn't find much on that exact situation :)

submitted by /u/Pommes254
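
Added example (not part of the original post): the mapping the post describes, written as `lxc.idmap` entries, with a check for whether two containers land on the same host IDs. The three configs are constructed; the 65536 range size and the 300000 base used for the third container are assumptions for illustration.

```python
from typing import NamedTuple

class IdMap(NamedTuple):
    kind: str        # "u" (uid) or "g" (gid)
    ct_start: int    # first id inside the container
    host_start: int  # first id on the host
    count: int       # number of consecutive ids mapped

def parse_idmap(config: str) -> list:
    """Extract 'lxc.idmap = <u|g> <ct> <host> <count>' entries from config text."""
    maps = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        fields = value.split()
        if key.strip() != "lxc.idmap" or len(fields) != 4:
            continue
        kind, ct, host, count = fields
        maps.append(IdMap(kind, int(ct), int(host), int(count)))
    return maps

def host_id(maps, kind, ct_id):
    """Translate a container id to its host id, or None if it is unmapped."""
    for m in maps:
        if m.kind == kind and m.ct_start <= ct_id < m.ct_start + m.count:
            return m.host_start + (ct_id - m.ct_start)
    return None

def shared_host_ids(a, b, kind="u"):
    """Return inclusive (lo, hi) host id ranges that both containers map onto."""
    shared = []
    for x in (m for m in a if m.kind == kind):
        for y in (m for m in b if m.kind == kind):
            lo = max(x.host_start, y.host_start)
            hi = min(x.host_start + x.count, y.host_start + y.count) - 1
            if lo <= hi:
                shared.append((lo, hi))
    return shared

# Constructed configs: CT_A and CT_B share one base, CT_C uses a distinct range.
CT_A = "lxc.idmap = u 0 100000 65536\nlxc.idmap = g 0 100000 65536\n"
CT_B = "lxc.idmap = u 0 100000 65536\nlxc.idmap = g 0 100000 65536\n"
CT_C = "lxc.idmap = u 0 300000 65536\nlxc.idmap = g 0 300000 65536\n"

if __name__ == "__main__":
    a, b, c = (parse_idmap(t) for t in (CT_A, CT_B, CT_C))
    print("CT_A uid 1000 ->", host_id(a, "u", 1000))
    print("A/B shared uids:", shared_host_ids(a, b))
    print("A/C shared uids:", shared_host_ids(a, c))
```

Giving each container its own non-overlapping host range, as the constructed CT_C does, is what keeps uid 1000 in one container from resolving to the same host uid as uid 1000 in another.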

Xeon E3 1220 V6 for 10G OPNSense Box enough?

20 June 2024 at 13:20

I am currently redoing the network at a location I use for offsite backups; WAN is 10G/10G.

The plan was originally to build an OPNsense box with a 9th or 10th gen i5 or i7 (probably i5 9500), but a couple of days ago I got a great deal on a Supermicro board (which also has more PCIe slots for extra NICs than the consumer boards) with an E3 1220V6, so now I am thinking about using that instead.
As NIC I already got an Intel 710-DA2.

Do you think this CPU would be enough for 10G Firewall / Routing and close to 10G over WireGuard (at larger Package sizes)?

Any guess how slow it would get if I turn on DPI / IDS?

Would it make sense to upgrade to an E3 1270 v6 or 1280 v6?

submitted by /u/Pommes254