At least Florida’s SB 868/HB 743, “Social Media Use By Minors” bill isn’t beating around the bush when it states that it would require “social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.” Usually these sorts of sweeping mandates...
It’s a single frontend to using a variety of the tools that permit for running software in isolation on a single machine. Like, you can expose only limited parts of the filesystem, have them be read-only, disallow network access, run software under Xephyr or Xnest for X11, disallow sound access, stuff like that. You set up a profile for an application, and it’ll run it with those restrictions. It comes with a very limited set of application profiles made, so it’s not just an “install it with one command and then run everything maximally sandboxed” piece of software – you gotta set up a profile for an application to choose what you want restricted.