I don't think you even need a container for that type of containment.

You could do it with namespaces.

I think node/whatever-js-run-time/package-manger could allow for namespaced containment for packages with simple modern linux things.

The realms proposal was a step towards that at one time.