It buys you conformance to Conway's Law. The team building the media center is that much more certain that the climate control code is fully isolated, up to and including the ability to have their own fully isolated filesystem so updating a single library won't take anything else down (and updating a single library doesn't require buy-in from everybody who works on the car), and that they only communicate exactly and only on the published API specs and not via dropping undocumented files on the file system or other such things. (Or if they do, you have a place to see that they have a weird bind mount they really shouldn't, etc.)
I wouldn't consider this a night & day change, but an incremental one. But a good incremental one overall; I wouldn't drop everything to implement this but I'd definitely see it as a good thing even in the absence of functionality improvements. There are other benefits too, like being able to update just one container in case of some problem, and having the blast radius more thoroughly contained than it would be with everything installed into one big base system.
I'm not saying that containers are useless and it is more sealed than just separate UIDs, but in theory you could have all those benefits with separate paths for separate users too. Didn't Android also use UIDs for app level separation?
The problem with that approach is that as you scale up, it becomes hard to be sure you're isolated. And that lack of clarity in the human comprehension turns into technical ways in which it will turn out that you're not isolated after all; for instance, my example of a base system library upgrade that one team does and breaks another team.
You can in theory fully isolate everything between teams, but without technical barriers preventing you from crossing, you will eventually cross.
Plus you have the problem that while full isolation will benefit your project and your company three to five years from now, violating the isolation benefits the company now. Every monolithic bit of software in the world could have been split, but there are real reasons why it wasn't, and they don't go away because someone observes that it could have been done a different way.
Isolated containers, by providing a technical barrier, allow the teams to be sure that they are both isolated from other teams breaking them, and breaking other teams, with things like library upgrades. It's a significant change.
It is productive to consider the difference in the Android world, but I would submit the isolation works in another dimension there, by virtue of the various apps being by necessity utterly isolated in Conway's Law terms. Within a single corporate entity there are many more temptations to get short-term wins by violating the barriers that theoretically should be there.
Easier done with dedicated Controllers instead of one BIG controller that needs to containerise its software? Why do the rear camera and lights need to use the same controller as the Engine sensors? This way you even avoid the latest "CAN bus injection attacks" that are using the lights connection to inject Key Crypto attacks. Not everything needs to be integrated.