Simo Sorce s@ssimo.org writes:
sandbox -i $HOME/.mozilla/extensions -i $HOME/.mozilla/plugins -i $HOME/.mozilla/firefox/abcdefgh.sandbox -i $HOME/.mozilla/firefox/profiles.ini -w 1024x900 -t sandbox_web_t -M -X /usr/bin/firefox -P sandbox $*
It requires at least a basic SELinux Policy installed and the sandbox program, but it is really neat in that it completely isolates the browser and creates a completely new environment for it to run.
Can't the browser still talk anything it wants with the X server? Or does your X server somehow understand SELinux labels?