Description
Runs poorly behaved applications in a constrained file view so they see only the files intended for them. It helps users control filesystem access for programs that ignore normal directory expectations.
Use it when you need lightweight containment for a specific application. It is not a complete security sandbox, so sensitive workloads may need stronger isolation.