Try Firejail
The goal of this issue to test Firejail in combination with the Melissa launcher with local job execution and to evaluate simplicity of use.
Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.
Edited by Christoph Conrads