Notes on Linux/UNIX process isolation, jailing (à la Docker, podman), etc.
Software:
nsjail.dev
minijail. Sandboxing and containment tool used in ChromeOS and Android.
firejail. Linux namespaces and seccomp-bpf-based sandboxing.