> PRoot supports OS resource virtualization in a way conceptually similar to namespaces. It does that by tracing processes with ptrace, the system call that debuggers rely on, which does not require root privileges.

https://guix-hpc.bordeaux.inria.fr/blog/2017/10/using-guix-without-being-root/

Do you know what this means? This means producing a working # from # isn't intractable after all!

There is a performance hit if your software does a lot of syscalls.