Comment by M95D

I do use Gentoo currently, but it's so very hard to keep programs from monitoring what happens in the system via dbus and the only firewall for outgoing connections, OpenSnitch, hard-depends on it. Running every major program in a container is NOT a solution.

So far Linus has kept these things outside the kernel, but he won't live forever.