While containers are leaky, they are far better than most other mechanisms.
One issue I found is that one crate I develop has a test for unreadable files. I have to detect root and say "well, I can't test this" because I have no idea how to make a file unreadable as root (in any portable enough way to warrant the extra complexity). It's the main impetus for this RFC, but I have other uses for it as well (detecting kernel feature support). Being root in the container makes it interesting to test some of these things.