Using Ubuntu 11.04 as a Desktop OS, I want to reach "bigger security" with a "jailing" processes:
VirtualBox, Google Chrome, Firefox, VLC, PDF/djvu reader, MP3 player, wine, pidgin, transmission, LibreOffice.
Normally I would create separate users, and put .desktop icons on the "main users" Desktop, with using gksu+/sudoers setting/ in the .desktop files to "passwordlessly" launch the application as different user.
If I understand correctly Qubes OS uses XEN to really separate the applications from each other.
The Question: How could I sandbox/chroot/jail (or however you say it) the above applications so that the main user just has to click on an icon on his Desktop to launch them without the system asking for password?