A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
Why do you think that https://github.com/bytecodealliance/wit-bindgen is a good alternative to nsjail