by LukeShu 2660 days ago
> but point I was driving at is the restrictions here at the application level and not at the system level.

Your point is well-taken!

I'm obviously not privy to the conversations you've had with potential customers, so I'm not entirely sure what they're asking for. But (IMO) the way to think of a restricted shell is to think of it as a shell that can't do anything, except for a small list of narrowly defined tasks. Thinking of it as a normal full shell, with "unsafe" things disabled, that's a losing game, as you note.
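
An added sketch of the allowlist design described in the comment above; it is not part of the original comment or of any product discussed in the thread. The task names (`status`, `tail-log`), their outputs and the `run_line` helper are hypothetical: input is tokenized, never handed to a real shell, and anything that is not a known task with valid arguments is refused.

```python
import re
import shlex


class Rejected(Exception):
    """Raised for any input that is not an explicitly allowed task."""


def _status(args):
    return "service: running"  # constructed output for the example


def _tail_log(args):
    # The line count was already validated as 1-999 by the task table.
    return f"(would show last {args[0]} lines of the app log)"


# Hypothetical task table: name -> (argument validator, handler).
# Nothing outside this table can run; there is no "disable unsafe things" step.
TASKS = {
    "status": (lambda a: len(a) == 0, _status),
    "tail-log": (
        lambda a: len(a) == 1 and re.fullmatch(r"[1-9][0-9]{0,2}", a[0]) is not None,
        _tail_log,
    ),
}


def run_line(line):
    """Dispatch one input line to an allowed task, or raise Rejected."""
    try:
        # shlex only splits into words; ';', '|', '$()' have no special meaning
        # here and simply end up as literal (and then invalid) arguments.
        argv = shlex.split(line)
    except ValueError as exc:
        raise Rejected(f"unparseable input: {exc}")
    if not argv:
        raise Rejected("empty command")
    name, args = argv[0], argv[1:]
    if name not in TASKS:
        raise Rejected(f"unknown task: {name!r}")
    validate, handler = TASKS[name]
    if not validate(args):
        raise Rejected(f"bad arguments for {name!r}")
    return handler(args)
```
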