OpenBSD's vmm(4) isn't related to FreeBSD bhyve, but Mike and Reyk were invited to talk about it in Tokyo. :-)
Curious what exactly those do.
Historically chroot and systrace have been felt to be "good enough" but they have in my experience been tedious to set up.
"Applications that use clone()-like system calls to share the complete address space between processes may be able to replace system call arguments after they have been evaluated by systrace and escape policy enforcement."
OpenBSD apps leverage traditional approaches heavily like chroot and privilege separation through different users - even within applications but there is no network separation or similar as in jails or Linux namespaces.
Nothing really seems available which seems sad.
I like that a lot but I'd like to know it can do emulation.