I mean, that’s true regardless of how it is running. If the service is externally available, it will be probed for vulnerabilities. At least with a container, you can ward off what files it has access to, so an attacker can’t just ransomware your entire NAS with a single vulnerable service.
Containers = Yet Another Attack Surface.
Eh, containers are fine if you know what you’re doing. Just run them in a VM if you want more isolation.
Definitely not for the average user though.
I mean, that’s true regardless of how it is running. If the service is externally available, it will be probed for vulnerabilities. At least with a container, you can ward off what files it has access to, so an attacker can’t just ransomware your entire NAS with a single vulnerable service.