Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It currently implements hostname, filesystem, PID, IPC, and networking stack isolation, and it runs on any recent Linux system. It includes a sandbox profile for Mozilla Firefox. Firejail also expands the restricted shell facility found in bash by adding Linux namespace support. It supports sandboxing specific users upon login. The software also includes a small monitoring utility, firemon.
wsh allows you to execute commands on multiple machines in parallel. It is secure and fast, and even outperforms ansible. It works by having an agent live on the machine. When you run wshc, it sshes and execs wshd and sends commands over the encrypted channel. wshd executes the commands and sends the results back.