The point I was trying to make: while you can build sandboxing solutions based on Linux, the entire ecosystem has evolved without sandboxing as a first class concept, leading to numerous half-baked, half-adopted solutions that are all quite cumbersome from a user perspective.
A new OS with sandboxing by default would probably produce an application ecosystem that is more secure.
Also, isolating many normally privileged facilities (like drivers, file systems, ...) is not something that is reasonable on Linux.