Another criterion for a system sandboxing mechanism I would have is
that your Firefox or mpv gets temporary shadow-mounted versions
of stuff that exists for real and permanently and then is allowed
to mess with it. When it exits, the profile for the application will
determine what parts may, if any, percolate out and be applied to
the shared outside world. This should be seldom used and limited
to special cases like selectively setting the flag that says
"you may exec jit in this binary's temporary process space".