clojurejail

Clojure: lightweight jail


Context:

In Lua, it's trivial and very cheap (4kb of memory) to create a new Lua VM. Thus, it's trivial to create cheap Lua "jails". Then, if the untrusted code misbehaves, I just kill the Lua VM.

I'm aware of https://github.com/Licenser/clj-sandbox but it appears to just wrap around Java ... which would make untrusted code threads native Java threads, which I would then be powerless to kill.

Question:

Is there any way to create cheap / lightweight Clojure jails?


Solution

  • I'm the (co)author of a little library called clojail that was kind of a rethinking of clj-sandbox. It also makes use of the Java sandbox, but also provides features for sandboxing Clojure-specific things. tryclj and 4clojure make use of it.

    I don't understand what you mean by the rest of that. The JVM sandbox is great in that it can prevent I/O. Clojail goes the rest of the way by allowing timeouts to prevent long-running code. If what you're saying is that "people could create threads and I wouldn't be able to kill them", clojail kills threads created inside of the sandbox and generally does its best to prevent stray threads from running away. The JVM sandbox (and clojail-specific stuff) still prevents dangerous code from running on threads as well.

    In summary, check out clojail. It might be what you need. It is sufficient for most purposes, and is the only game in town (save for clj-sandbox which isn't maintained) for jails. It isn't always the best solution but it is usually the easiest.

    The next step up if clojail doesn't do what you need is to roll your own jailing mechanism that involves using the JVM sandbox and spinning off JVMs. This has massive overhead, so I'd avoid it if at all possible. Definitely not in 4KB Luatown anymore. ;)
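Added example (not part of the answer above and not clojail's own code): the setup the answer describes, one clojail sandbox with the JVM sandbox on and a wall-clock timeout, wrapped so the host classifies a timeout (clojail stops the worker thread) and a security violation instead of letting either escape into the host. It assumes clojail is on the classpath together with the `~/.java.policy` file clojail's README asks for; `run-untrusted` and the 2000 ms limit are choices made here.

```clojure
(ns jail-demo
  (:require [clojail.core :refer [sandbox]]
            [clojail.testers :refer [secure-tester]])
  (:import [java.util.concurrent TimeoutException]))

;; One sandbox per untrusted tenant: its own restricted namespace, the JVM
;; security sandbox (clojail's default), and a 2 s limit. When the limit is
;; hit clojail stops the worker thread, which is the "kill it" step from the
;; question, at thread granularity rather than VM granularity.
(def sb (sandbox secure-tester :timeout 2000))

(defn run-untrusted
  "Evaluate one untrusted form and return a map describing the outcome.
   Timeouts and blocked operations are reported, not propagated, so a
   misbehaving tenant cannot take the host down with an uncaught exception."
  [form]
  (try
    {:status :ok :value (sb form)}
    (catch TimeoutException _
      ;; clojail raises this after the :timeout elapses and the thread is stopped
      {:status :killed :reason "exceeded 2000 ms; sandbox thread stopped"})
    (catch SecurityException e
      ;; clojail's tester (blacklisted symbols) and the JVM sandbox
      ;; (AccessControlException, e.g. file I/O) both surface here
      {:status :blocked :reason (.getMessage e)})
    (catch Exception e
      ;; ordinary evaluation errors inside the tenant's code
      {:status :error :reason (str (class e) ": " (.getMessage e))})))

(comment
  ;; Try these at a REPL to see each branch taken:
  (run-untrusted '(reduce + (range 1000)))   ; pure computation, allowed
  (run-untrusted '(loop [] (recur)))         ; never terminates, killed by timeout
  (run-untrusted '(slurp "/etc/hostname"))   ; file read, blocked by JVM sandbox
  (run-untrusted '(System/exit 0)))          ; blacklisted by secure-tester
```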