as far as SDK for sandboxing goes, again there should be no need for that. that is matter of sandbox it self, not your application. you need port 34534 for example, your socket code is just as usual, no difference. but, unless you specified sandbox to open it for you, sandbox simply won't allow it to pass trough. beside security, it also gives great overview of what application will do before it can do it. unlike half assed sandboxing in android for example
not all applications would make sense to deploy like that, hell... i love package distribution. but for a lot... it's a way to go. it's also a way to get commercial development on board since targets are not restricted to singular distribution and you can provide long term support without the need to patch it every week just because some OSS project changed. not to mention the flaw of package management, usually you get constricted to specified version of app for whole life time of that distro, where installing newer can be rather painful experience.