This can go some way to letting users know about restrictions (warning: cannot access files outside of working directory), but it's definitely not enough. There are just too many ways to do things.
Instead, you should enclose the session in a virtual machine.
P.S.: I had thought a container would be fine, but it's not according to this thread on StackExchange's Information Security board.