One possible argument in favor of the VM-based approach is that we could run “unsafe” apps in sysmaint sessions safely. We went to a great deal of effort to prevent people from launching Firefox in a sysmaint session because of the dangers it poses, but launching a virtual machine sandbox with Firefox in it would be much safer than standard or sandboxed Firefox. The inability to safely use a web browser in a sysmaint session is causing some frustration, and while we did see that coming and decided it was worth it, being able to remove that frustration would be nice.
1 Like