Description
Runs processes inside lightweight isolation using Linux namespaces, resource limits, and related sandboxing controls. It is useful for tests, build systems, services, or security workflows that need constrained execution.
Use it when you understand the isolation model and which resources are allowed. Sandboxes reduce risk but do not automatically make untrusted code safe.