You’re right, containers are not VMs, and I’ve never claimed that. For the matter of basic Unix access control for a beginner, they are similar enough to treat them as such. It’s enough of a baseline for basic security for a beginner’s workload imo. For advanced use cases - absolutely do not treat containers as you would VMs.
That is the BSI's normal modus operandi. As long as the technical guideline is met, everything is tip-top, no matter what happens.