GNU Shepherd itself doesn't implement sandboxing, but you can use the least-authority-wrapper to do namespaces. There are other tools to do more comphrensive sandboxing, which Shepherd can use, e.g. nsjail.
least-authority-wrapper: https://codeberg.org/guix/guix/src/commit/e3fbaeee1386fd447f...
Uoh, nsjail ha? The namespace for project names seems exhausted. No germans on the dev team, ey?
https://github.com/google/nsjail
What is the problematic connotation for 'nsjail' in German?
refer to a kind of jail by a political party that killed a few million people around the 40s
The Nazis party was called National Socialists... And they had a number of horrific jails.