netbsdnoob So basically do all the functionalities (or most of them) are implemented through sandboxctl and/or mksandbox ?
No, they're just handy tools to automate the creation of chroots. NetBSD kernel doesn't support OS-level virtualization.
I'd dare say virtualized rump kernels (on Xen) would somehow address the problem with isolation by restricting the underlying surface, but sadly projects like Rumprun have been stagnating for years now.