Well, these are some kind of lightweight container, no? But without isolating network, or /etc, /proc, /usr, /var or dbus.
I do agree that Linux needs a notion of an “app” (isolated, with access only to its config and files you give it, and a small, well-designed set of APIs for interacting with the system). For coding agents, I think a better answer is development containers, because that would be needed to prevent npm/cargo/python build scripts from causing harm anyway.
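To make the "development container" suggestion concrete, here is an added example of a `devcontainer.json` that tightens the container the way the comment describes: no ambient network for the agent's build steps, all Linux capabilities dropped, no privilege escalation, and only the project directory mounted read-write. This is illustrative configuration written for this page, not anything from the commenter or from any particular project; the image name, the `/workspace` path and the scratch `tmpfs` size are assumptions, and `--network=none` is deliberately strict (dependency fetching then has to happen in a separate, network-enabled step or via a vendored cache).

```json
{
  "name": "sandboxed-agent-dev",
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
  "runArgs": [
    "--network=none",
    "--cap-drop=ALL",
    "--security-opt=no-new-privileges",
    "--pids-limit=512",
    "--read-only",
    "--tmpfs=/tmp:rw,noexec,nosuid,size=256m"
  ],
  "workspaceFolder": "/workspace",
  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind",
  "remoteUser": "vscode",
  "containerEnv": {
    "HOME": "/tmp/home"
  },
  "postCreateCommand": "mkdir -p /tmp/home"
}
```

The point of `--read-only` plus a `tmpfs` for `/tmp` is that a build script run by the agent cannot write to `/etc`, `/usr` or `/var` inside the container even if it tries, and dropping every capability removes the usual escape routes (mount, ptrace, raw sockets). What this does not give you is the "small, well-designed set of APIs" the comment asks for; it is an allow-list of paths and kernel features, not an application-level interface, which is exactly why the comment frames dev containers as the pragmatic answer rather than the ideal one.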