I hear this refrain a lot but I never really understood it. Could you explain? I would personally feel much more comfortable running a process as a unique user in an fresh Ubuntu container than running it in a chroot. One needn't go far to find a huge number of chroot escape methods.