I've been thinking about trying something like this as my main system, with a Linux chroot and possibly an X11 server to fill in the gaps in apps. I like the idea of sandboxing everything like Android does. Some of the things that have held me back are a lack of time to tinker and wondering whether I would end up using a terminal emulator and GNU/Linux command-line tools for everything, which sort of nullifies the sandbox. Maybe it's still worth it if, e.g., a browser compromise can't access the emails from my email client (which is possible on my current desktop, with both running under the same uid and no special access controls).
Well, I know it's not uber-secure, but if I wanted that I would set up SELinux or something. I'm looking for something I'm familiar with and that will offer better sandboxing than I have now without much work. Why won't Android do that? Is it Android's permissions system for apps? I would revoke unneeded permissions. Do you know of unpatched sandbox-escape bugs that would allow a compromised browser to upload other apps' data?