No Nonsense Containers: a simple Linux containerization tool, secure by default, with support for presets.

https://github.com/brendoncarroll/nnc

I use it for running agents locally.

  nnc run /usr/bin/opencode --preset agent

You can make your own presets (which nnc looks for in ~/.config/nnc/presets) or use one from the standard library

https://github.com/brendoncarroll/nnc/tree/master/presets

Presets are written in Jsonnet, and resolve to a list of things to pass through from the parent process into the container. Presets can reference other presets, so you can build up arbitrary rules for passing files and devices into containers, give those rules a name, and reference them later.