A user shell is the way in which a user interacts with a computer system. It is the path by which input from keyboards, mice, touchscreens, etc. reaches the system and its applications, and by which output reaches the screen. A shell is responsible for launching applications, routing input to the focussed application and compositing the output of the visible applications onto the display.
Confinement is a way of restricting the capabilities of a program to specific devices, parts of the filesystem and other features of the system. An "unconfined" program can access anything that the user has permission to access; it could, for example, read any of the user’s files and copy them to the internet. Confinement is of increasing importance in computing as the basis for trust between the developer of a program and its user becomes increasingly tenuous.
Drawing on experience with adapting graphical shells and other applications to "confined" execution, we examine what is needed to securely run untrusted applications on a computer.