Stefan Schumacher mentioned Firejail in his talk today. It's a relatively new tool to run arbotrary GNU/Linux application in a sandbox environment.
For example firejail firefox
starts a standard FireFox browser with the FireFox Firejail profile that is part of the default package of Firejail. There are many other pre-defined profiles for other applications as well. Of course you can overwrite or create new profiles.
Profiles define white- or black-lists for read/write access on directories, network bandwidth, firewall rules, and so forth. Really powerful when you don't want to run more elaborate stuff such as Qubes OS.