ajail: a basic jail for programs you don't completely trust
Summary
ajail provides a lightweight, auditable jail environment built on bubblewrap to isolate potentially untrusted code. It emphasizes simplicity (about 300 lines of Python), ephemeral root filesystems, and easy per-directory control with flags like --ro, --rw, --clone, and --hide, plus distro-specific mkfs scripts. It is useful for quick security experiments and also discusses the tradeoffs compared with full containers.