If an OS is designed to do this from the ground up, it can be incredibly efficient. (See: SeL4). Each process on linux is essentially its own isolated virtual machine already. Linux processes just have all sorts of ambient authority - for example, to access the filesystem and network on behalf of the user which started the process. Restricting what a process can do (sandboxing it) shouldn't have any bearing on performance.