I just made my "sbtar" project public. It is an experimental implementation of tar (currently supporting extract mode only) that uses various operating systems' sandboxing technologies to isolate itself before parsing and extracting a tar file. It currently supports FreeBSD, OpenBSD, and macOS.

I wrote it mainly to help myself understand Rust and its foreign function interface APIs and to safely extract backups on my NAS. If you're interested, it can be found on GitHub and GitLab: https://github.com/stephen-fox/sbtar