binctr Anonymous 07/12/2017 (Wed) 22:14:48 No. 10361
"Create fully static, including rootfs embedded, binaries that pop you directly into a container. Can be run by an unprivileged user."

Seems interesting:
https://github.com/jessfraz/binctr

Someone should apply this on an entire system, like the OpenBSD team did with pledge(2).