>There's lock picking daily since centuries. It doesn't work

It takes time to pick one lock and twice as much to pick two.

It takes the same time to escape 1 or 10000000 sandboxes.

That's only somewhat true if we are talking about the same sandbox nested (which would be quite dumb to do).

Escaping two different sandboxes are multiple times as hard, and a sane sandbox is not trivially picked, see web browsers and that the fact that the world is not one giant botnet.

How many implementations of linux namespaces are there in the kernel? Is it more than one?

Is a wasm sandbox, or the browser not a sandbox, independent of the kernel?