Let the programmer sandbox themselves!

Startup and configuration portions of programs often require much more access than the parts that do the actual work. We want to allow the programmer to choose when to restrict the filesystem.

Goal: tighter restrictions in the important parts of the program.

As a result, this becomes a little different from chroot and friends, and much different from "external" methods.