Isolate is a sandbox built to safely run untrusted executables, offering them a limited-access environment and preventing them from affecting the host system. It takes advantage of features specific to the Linux kernel, like namespaces and control groups.
Isolate was developed by Martin Mareš (firstname.lastname@example.org) and Bernard Blackham (email@example.com), who still maintain it. Several other people contributed patches for features and bug fixes (see Git history for a list). Thanks!
Originally, Isolate was a part of the Moe Contest Environment, but it evolved to a separate project used by different contest systems, most prominently CMS. It now lives at GitHub, where you can submit bug reports and feature requests.
To compile Isolate, you need the headers for the libcap library (usually available in a libcap-dev package).
You may need
a2x (found in AsciiDoc) for building manual.
But if you only want the isolate binary, you can just run