Complexity

That's just the way Linux works. Any user can cause executable files to be written to their home directory, and can then run them. But, like most people, I am the admin of my computer, so I don't need to ask anyone's permission to install software.

> if 0install needs to run tar as root to install it's applications, and you don't want to trust tar as root, then you shouldn't trust it. untar the files as the user and then change their permissions afterwords.

0install doesn't run tar as root. It runs it as my normal user. But that's still more privileges that I'd like to give it.

For example, let's say I'm installing OpenTTD. Currently, 0install downloads the archive as my user (talex), unpacks it, verifies it, and runs it. OpenTTD does not gain root privileges on my system, but it does run with my user privileges. I'd like to restrict it further so that, for example, it can't read or write to my home directory (or anywhere except it's own data directory).

> But namespaces are intended to replace chroot, so you would not be likely to use chroot and namespaces together.

So, what is the replacement for chroot in the new namespaces world then? Should I unmount all existing filesystems and mount something new over the real root? I'm not sure how to do that.