In the “Building application sandboxes on top of LXC and KVM with libvirt” FOSDEM presentation, Red Hat developer Daniel Berrange introduced libvirt-sandbox, which confines individual applications in a secured area (“sandbox“) using the KVM (Kernel-based Virtual Machine) virtualisation solution or LXC (Linux Containers). In the KVM variant, the program starts the kernel and initramfs in a virtual machine (VM), which launch the application after booting.