Matthew Miller wrote:
I really would like all my desktop applications to run in a sandbox,
whether they come from upstream directly or from us.
Why? This artificially restricts what your applications can do and also
hurts performance. It doesn't buy us anything other than problems! And what
about libraries? Will they get bundled into each sandbox as the "app"
principle seems to suggest?
Kevin Kofler
(who has SELinux disabled)