The invention of containers (FreeBSD jails) was to automate restoring vulnerable web apps that couldn't be patched / updated (edit: as well as allowing shared hosting with different perl requirements to co-exist on the same server) Every time tampering was detected they automated restoration and watched the attacker squirm as their changes kept reverting and files were disappearing.

Don't dismiss this concept. It's a perfectly valid approach in some scenarios.