NOTE: this feature is under development and is not part of any
A sandbox is a way of separating running untrusted applications or
doing testing in isolation.
AppArmor provides a way to automatically create and control sandboxes
within the AppArmor framework.
Disadvantages of COW
A sandbox template contains a partial profile and rules + other
information used to create a sandbox
.profile - (optional)
data_dirs_X - actual data that was written
how do sandboxes work for user profiles
how does a user use system sandbox templates?