This is addressed in the paper. Performance overhead is in the ballpark of 10-20%. They are able to improve on the performance of a purely ptrace-based sandbox by using seccomp to ensure that only the syscalls that need to be intercepted are sent to ptrace.
The benefit mbox has over unshare+aufs is that mbox doesn't require root privileges.
The benefit mbox has over unshare+aufs is that mbox doesn't require root privileges.