Fundamental Concepts
Multi-Sandboxing is based on the Kernel & Features Specification (KF).
It allows application code to be split into multiple parts:
the main application, called the Kernel,
zero or more applications called Features.
Therefore, a Kernel Application relates to the Kernel concept and a Sandboxed Application relates to the Feature concept.
Some fundamental points:
The Kernel is mandatory. It is assumed to be reliable and trusted, and it cannot be modified.
A Feature is an application “extension” managed by the Kernel.
A Feature is fully controlled by the Kernel: it can be installed, started, stopped and uninstalled at any time, independently of the system state (in particular, a Feature never depends on another Feature to be stopped).
A Feature is optional, potentially untrusted and possibly unreliable, and it can be executed without jeopardizing the safety of the Kernel execution or of other Features.
Resource accesses (RAM, hardware peripherals, CPU time, …) are under the control of the Kernel.
Note
You can go further by reading the Kernel & Features Specification.