Terminal apps in sandbox

Can terminal apps be sandboxed similarly to how macOS sandboxes apps? I need to be able to browse. I need to be able to open files. I need to be able to save files. Can access scope be limited without hindering productivity at an acceptable balance?

Can Docker be used for this? Docker uses macOS Hypervisor. Docker is sub-second fast.