And here's the thing: the sandbox behavior must be programmed to allow the application to behave normally. So it's only as safe as the holes that were punched into it via configuration and prompts. And here's the thing: we've already got something like that for trusted applications: it's SELinux! So why would you - as a developer - want to deal with a second sandbox, given that there's already a very popular way of curtailing application behavior? 8/14