> I want a sandboxed OS where random app X doesn't access my $HOME data just because it feels like it.
You should check out XFENCE[1], formerly known as Little Flocker, and made by Jonathan Zdziarski who sold it to F-Secure after he was hired by Apple as a security guy.
[1]: https://beta.f-secure.com/key/XFence