I think a combination of custom users + a whole bunch of sandboxing is exactly what you'd get out of systemd-nspawn if you're willing to write the config: https://wiki.archlinux.org/title/Systemd-nspawn
bwrap seems a lot easier but if you want more control (or, for instance, want to run a Ubuntu basis because that's what a lot of games are compiled against), systemd-nspawn can be quite powerful.
bwrap seems a lot easier but if you want more control (or, for instance, want to run a Ubuntu basis because that's what a lot of games are compiled against), systemd-nspawn can be quite powerful.