System-wide sandboxing framework - sandbox-app-launcher

Are we partially re-inventing flatpak, which is internally using bubblewrap?
I guess we have a nicer decoupled design.

Also interesting, perhaps worth not re-inventing, regarding /shared:

sandbox-app-launcher (bubblewrap-based) will probably be incompatible with applications from flatpak since these have their own bubblewrap-based mandatory sandbox?