> Which would be harder to pull off than not having to find and successfully exploit a kernel bug.
that is, 'doing something is harder than not doing it'. did you try to say something meaningful here? and out of curiosity, what do you know about finding and exploiting kernel bugs? so far you seem quite confused between 'vulnerability' and 'exploit', so it might be a good idea to clear those terms up first.
> Any false sense of security would be the fault of the presentation, not
> the implementation. Would it be fool proof? Of course not, nothing is.
> Would it raise the bar, making it less likely for your system to be
> successfully compromised? Yes, at least once the implementation is
> matured and when used properly.
i don't follow you here. how can the implementation (of what, btw? kernel? SELinux? this new sandbox?) both mature and not be fool-proof at the same time? obviously exploitable kernel bugs will never go away, nor will the false sense of security, apparently. where did you say your most valuable personal box can be accessed again ;)?