As said in the podcast, LXC is great because it allows doing anything you want in user-space while still being isolated and not breaking the base system.
Now the hard part remains: how to customize kernel-space without breaking the base system. For example, safely adding kernel drivers like Coral gasket-dkms.
Good luck figuring that out.