Bubblewrap
Run applications in a sandbox using Linux namespaces without root privileges, with user namespacing provided via setuid binary.
Run applications in a sandbox using Linux namespaces without root privileges, with user namespacing provided via setuid binary.