I hope so too :) There are libraries at https://github.com/landlock-lsm to simplify that, I'm using these productively for a few months.
(In fact, I'm sending this from a landlocked web browser. :))
This also ties into the discussion thread about firejail being suid-root - Other than namespaces, Landlock is an unprivileged sandboxing mechanism and doesn't need to escalate privileges in order to drop privileges.
eBPF was the initial proposal, but Landlock didn't go with it in the end. It's just using a set of regular system calls, the logic behind it is just implemented in C in the kernel as a LSM.
(In fact, I'm sending this from a landlocked web browser. :))
This also ties into the discussion thread about firejail being suid-root - Other than namespaces, Landlock is an unprivileged sandboxing mechanism and doesn't need to escalate privileges in order to drop privileges.