I want to run certain applications that are Windows only, and I wanted to know if there is any sand boxing as most of the programs that are Windows only tend to be invasive. I know VMs are another option but there is usually a performance toll with that and I am running a low to mid range laptop
You could create systemd services to control wine for each app you want to run, that way you can use systemd’s sandboxing.