There are plenty of OSS solutions available for your needs. Do you need real isolation, or is Docker hardening sufficient? If hardening is suddicient check out https://github.com/tastyeffectco/sandboxd/ which i'm using internaly for so many use cases