systemd nowadays has a lot of sandboxing built in [0]! You can achieve jails using just systemd and no separate container manager.

[0]: https://wiki.archlinux.org/title/Systemd/Sandboxing