You can do a lot with seccomp filters that would stop even root from messing things up too badly, down to path-level I/O filtering, unless I misremember.