Comment by cosmic_cheese

Docker style containerization technically works, but for desktop use I think is a rather heavy kludge and not really a solution.

It would be much more nice if e.g. daemons could have their privileges pared down to only exactly what they need to function and nothing more with a config file somewhere. This can somewhat be achieved with the user system, but that really doesn’t scale well and doesn’t suit the purpose all that well in some ways.