Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command-line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
A powerbox is just like a normal file chooser dialog box, except that it dynamically grants the application the right to access the file that the user picks. This helps provide security because the application can be run without needing access to all the user's files. Powerbox-for-Gtk patches Gtk to replace GtkFileChooserDialog with a powerbox. It is based on Plash, which provides a restricted execution environment on Linux.
Software with a similar purpose: Plash
You might also be interested in Plash, which also creates restricted environments for running programs in. Like jailkit, you can specify what files a process can access, but you don't need to copy the files, so it's more lightweight and flexible. You can grant a process read-only or read-write access to specific directories, mapped at any point in the file namespace.