Description
Creates lightweight unprivileged sandboxes using Linux namespaces. Applications and tools use it to limit filesystem and process visibility without needing a full virtual machine.
Use it as one layer of isolation, not a complete security answer for every threat. The sandbox rules decide what is actually protected.