Proper sandboxing in Unix was a missing feature forever since SUID bit was introduced and was slowly mitigated by adding layers of virtualization instead of OS-level controls.