Not sure I understand what you are saying. I know that Docker uses AUFS. I'm not saying sandboxing in Docker is overkill. I'm saying that using separate containers for application dependencies rather than running them all in the same container is often making things more complicated than necessary.
Obviously some people have good reasons to use links, like they need to run lots of databases on different servers or something. But for most installations that don't need to scale to serve millions of people, putting all of the application dependencies in one container makes a lot more sense.
Oh! It seems I misunderstood your comment. My apologies. Yes, it makes sense to use one container for all the dependencies pertaining to an application. However, if you are running multiple applications on the same server, you can sandbox them by running them in different containers.
I've settled on running 5 or 6 containers rather than one big one with 5 or 6 processes because:
- I can host some containers on other physical hosts
- I don't need to keep thinking (what if I fill up the biggest droplet on Digital Ocean)
- If one of the services dies or needed kicking, 5/6 of the stack is unaffected
- Orchestration is really only a matter of network endpoints getting written to environment variables; not too taxing
Running everything in one container also has its advantages, like being able to push the whole stack as one image.
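As an added illustration of the one-container-per-service layout described in the comment above (this is example configuration written for this discussion, not something posted in the thread): a Compose file where the application's only coupling to its database and cache is a pair of endpoint environment variables. The service names, image tags and the `DB_PASSWORD` variable are assumptions chosen for the example.

```yaml
# Added example, not from the thread. A three-service stack in which each
# process runs in its own container and the app learns where its
# dependencies live purely through environment variables.
# Service names, image tags and DB_PASSWORD are assumptions for this example.
services:
  web:
    image: example/web-app:1.0          # assumed application image
    environment:
      # Hostnames "db" and "cache" resolve to the sibling containers on the
      # default Compose network; moving the database to another physical
      # host only means changing this one value.
      DATABASE_URL: postgres://app:${DB_PASSWORD}@db:5432/app
      CACHE_URL: redis://cache:6379/0
    depends_on:
      - db
      - cache
    ports:
      - "127.0.0.1:8080:8080"           # only the web tier is reachable from outside
    read_only: true                     # the app image is immutable at runtime
    cap_drop:
      - ALL                             # the app needs no Linux capabilities
    restart: unless-stopped             # if web dies, db and cache are untouched

  db:
    image: postgres:16
    environment:
      POSTGRES_USER: app
      POSTGRES_PASSWORD: ${DB_PASSWORD}  # supplied from the shell or a .env file
      POSTGRES_DB: app
    volumes:
      - db-data:/var/lib/postgresql/data
    restart: unless-stopped             # no "ports:" entry, so the DB is never published to the host

  cache:
    image: redis:7
    restart: unless-stopped

volumes:
  db-data: {}
```

Start it with `DB_PASSWORD=... docker compose up -d`. Because `db` and `cache` publish no ports, they are reachable only from containers on the same Compose network, and restarting or replacing one service (`docker compose restart db`) leaves the others running, which is the "5/6 of the stack is unaffected" property from the comment. The same `DATABASE_URL` pattern is what lets a service be moved to a different host later without rebuilding the application image.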