SELinux -- working the magic
My dream is that I'll one day have an SELinux profile for Firefox. Most SELinux resources I find basically say something to the effect of "leave it to the professionals." Maybe there's some SELinux profile out there for this?
I know SELinux provides a sandbox mode, but it seems too restrictive for me. I think a profile that would allow writing to the downloads folder but deny pretty much everything else would be excellent from a security perspective.
Web browsers are constantly parsing untrusted code, which makes them the most likely security flaw on the system. Locking it down with SELinux would be tremendous.