For users of my web service running on Ubuntu Server 16.04 or 18.04, I’d like to integrate features from such useful programs as ImageMagick. For example, I’d like to crop their profile pictures or create thumbnails.
So what’s the best way to isolate ImageMagick from a security perspective, taking into account that the setup should be as simple as possible and that ImageMagick will have to run every few seconds (or even multiple times per second at peak times)? Ideally, ImageMagick would not only be isolated from the host machine, but ImageMagick executions (with the data they operate on) would be isolated from each other as well.
I guess one can use a VM or containers (e.g. Docker) for this? Are containers better-suited because they are faster to set up and tear down again?
Moreover, what’s a good way to get started? I have taken a look at various manuals, but don’t know where exactly to start and which components I need.