Description
Runs a command inside a restricted environment with a chosen root and user identity. Administrators use it to reduce what a process can see or access during controlled tasks.
Use it only when you understand chroot-style isolation and user permissions. It is not a complete security sandbox by itself, so do not treat it as a replacement for containers or stronger isolation.