I have merged the standard sandbox into Woof-CE, so newer puppies should have sandbox.sh built-in.
As you are probably aware by now, "container" is full of hype and stuff. For Windows users these kind of things are probably "new" and "interesting", but for Linux they're re-packaged old stuff. A container is just "chroot on steroid" and there are many ways to achieve it.
The most basic way you can just use "unshare" command from recent core-utils (in fact, sandbox.sh from Fatdog uses this if it's available instead of just standard "chroot"). If you want to run a process inside an existing namespace, you can use "nsenter" (also from core-utils).
Of course, the basic tools for Linux container is LXC, and this is what I use for sandbox-lxc.sh/rw-sandbox-lxc.sh.