> Security: I run every Pi session in a Docker container and give it permissions only to bash so that it can’t run Python code or do web browsing

How does that work? The script in the post references the file "docker-compose.sandbox.yml", but I don't anything about what that file does.

The post that this one links to, that it's based on, says that Pi doesn't do proper sandboxing.

Presumably bash can still execute other binaries, otherwise it would be fairly useless. What stops it from executing Python? Or opening a network connection and downloading Python?