A plug in this section for the Unix thread: https://www.wilderssecurity.com/threads/firejail-linux-sandbox.369309 This is about the program Firejail which provides an easy-to-use sandbox for Linux applications. It uses kernel functions including seccomp-bpf and chroot and has some out-of-the box profiles for Ice Weasel and Firefox. Chrome is already using some of these techniques, although Firejail gives more control (for example offering a private function which will delete everything). I've found it easy to run other programs like LibreOffice under it and there is scope for customizing profiles. My experience is that it's much easier than Apparmor, and reminds me in some ways of Sandboxie. For those who believe sandboxing isn't beneficial for Linux, reflect on Flash and Firefox....