not exactly, but it is not worth the complexity. unveil makes sure my browser has no access to my filesystem (outside the folders it needs)
Discussion
Yes.
Also nixOS is a noteworthy mention, its basically an OS speced in a config file, and you can use a config that was designed and audited by greybeards (like nixBitcoin), I heard there is a config that gets you far with isolation, but not as far as Qubes/Xen.