Method for creating isolated software execution environments, provided by some operating system kernels
