[Chris660]

In addition to the other suggestions, you might want to check-out distrobox: https://github.com/89luca89/distrobox

It provides support for starting host commands within a container, and also exporting commands from containers to the host.

[yencabulator]

Last I looked, distrobox made $HOME fully accessible to all its containers. That's the very opposite of parent comment's "protect against the most trivial of supply chain attacks".