@pid_eins One thing I do with sudo is allow a less privileged app process to invoke an nspawn container to run a sandboxed command. But the command is only known at runtime. I wonder if there would be any way to do that with run0.
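One way to keep that sudo-based arrangement tight while the command is still only chosen at runtime, as an added example that is not code from the original post or from systemd: sudo grants the app user a root-owned wrapper script rather than systemd-nspawn itself, and the wrapper validates the runtime command against an allowlist before exec'ing nspawn. The sudoers line, the /usr/local/sbin/sandbox-run path, the `app` user, the container directory and the allowed binaries are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: a root-owned wrapper that sudo
# lets the unprivileged "app" user run. It checks the runtime-chosen command
# against an allowlist, then hands it to systemd-nspawn. Assumed sudoers rule:
#
#   # /etc/sudoers.d/app-sandbox  (hypothetical)
#   app ALL=(root) NOPASSWD: /usr/local/sbin/sandbox-run
#
# sudo grants this script, not systemd-nspawn, so the caller can never add
# nspawn options of its own (--bind=, --capability=, ...).

set -eu

# Hypothetical container root and allowlist; adjust for the deployment.
SANDBOX_DIR="${SANDBOX_DIR:-/var/lib/machines/sandbox}"
ALLOWED_CMDS="/usr/bin/convert /usr/bin/pandoc /usr/bin/ffmpeg"

# validate_cmd BIN [ARG...]
# Returns 0 only if BIN is an exact allowlisted path and every ARG is made of
# characters from a conservative allowlist (rejects empty arguments, shell
# metacharacters, quotes, whitespace and embedded newlines).
validate_cmd() {
    [ "$#" -ge 1 ] || return 1
    bin="$1"; shift
    ok=1
    for allowed in $ALLOWED_CMDS; do
        [ "$bin" = "$allowed" ] && ok=0
    done
    [ "$ok" -eq 0 ] || return 1
    for arg in "$@"; do
        case "$arg" in
            "") return 1 ;;
            *[!A-Za-z0-9._/=:,@%+-]*) return 1 ;;
        esac
    done
    return 0
}

# run_sandboxed BIN [ARG...]
# Validates, then replaces this process with nspawn. The "--" separator is
# what guarantees BIN and its arguments are never parsed as nspawn options,
# so dashes inside arguments (e.g. "-resize") stay safe to pass through.
run_sandboxed() {
    validate_cmd "$@" || { echo "sandbox-run: refused: $*" >&2; return 1; }
    exec systemd-nspawn -q -D "$SANDBOX_DIR" --private-network --as-pid2 -- "$@"
}

# Only act as the entry point when installed under the expected name;
# otherwise the file can be sourced for testing without touching nspawn.
case "${0##*/}" in
    sandbox-run) run_sandboxed "$@" ;;
esac
```

The app side then calls `sudo /usr/local/sbin/sandbox-run /usr/bin/convert in.png -resize 50% out.png`; anything not on the allowlist, or carrying characters outside the permitted set, is refused before nspawn is ever started. Tightening the container itself (read-only root, bind mounts for just the input and output files) is done inside the wrapper, where the caller cannot influence it.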