Firejail is certainly one option. Supposedly bubblewrap is more secure, but it's much lower level. The bubblejail project tries to bridge that gap, but isn't packaged for many distros. That said, even raw bubblewrap can work if you don't mind writing wrappers yourself.

For persistent system/user services you can just run things in systemd and then use its containment options to limit what they can access. It's reasonably doable to specify a service that can only see its own directories and has no extra permissions.

You can also run things in containers. If a program is running inside of podman/docker and it only has access to limited directories being mapped in, then the blast radius is pretty finite even if it runs malicious code.