Quick demo for Bubblewrap:
# Logged in as UID: 1000
[awx@exec01 ~]$ id
uid=1001(awx) gid=1001(awx) groups=1001(awx) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# Ensure the owner of directories under / is root:root
[awx@exec01 ~]$ ls -l /
total 24
lrwxrwxrwx. 1 root root 7 Jun 22 2021 bin -> usr/bin
...
drwxrwxrwt. 20 root root 4096 Feb 26 00:41 tmp
drwxr-xr-x. 13 root root 158 Jan 3 2023 usr
drwxr-xr-x. 21 root root 4096 Apr 28 2023 var
# Also the owner of /etc/sudo.conf is root as well
[awx@exec01 ~]$ ls -l /etc/sudo.conf
-rw-r-----. 1 root root 1786 Dec 12 2021 /etc/sudo.conf
# Launch "sandboxed" bash with Bubblewrap
[awx@exec01 ~]$ bwrap --dev-bind / / bash
# The owners are nobody
[awx@exec01 ~]$ ls -l /
total 24
lrwxrwxrwx. 1 nobody nobody 7 Jun 22 2021 bin -> usr/bin
...
drwxrwxrwt. 20 nobody nobody 4096 Feb 26 00:41 tmp
drwxr-xr-x. 13 nobody nobody 158 Jan 3 2023 usr
drwxr-xr-x. 21 nobody nobody 4096 Apr 28 2023 var
# The owner of /etc/sudo.conf is also nobody
[awx@exec01 ~]$ ls -l /etc/sudo.conf
-rw-r-----. 1 nobody nobody 1786 Dec 12 2021 /etc/sudo.conf
# nobody is UID: 65534
[awx@exec01 ~]$ ls -ln /etc/sudo.conf
-rw-r-----. 1 65534 65534 1786 Dec 12 2021 /etc/sudo.conf
# The "sudo" is not working anymore. This is the error you've faced
[awx@exec01 ~]$ sudo echo hoge
sudo: /etc/sudo.conf is owned by uid 65534, should be 0
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set