Improvements to the sandbox and supervisor machinery itself.

- [ ] We should be able to sandbox any arbitrary container, not just containers specifically configured for OpenShell.
- [ ] Drop elevated privileges such as `CAP_SYS_ADMIN` for running the supervisor.
- [ ] Support different topologies, such as running the supervisor simply as a network proxy.
- [ ] Implement various isolation backends.
- [ ] Configure sandboxes with driver-specific properties.