Policy aims

Main sample policy gives minimal privs to every daemon (a separate domain for each daemon) and creates separate user domains for programs such as Email client, GPG, X, etc. (haven't yet written the domain for email).

Just written a domain for UML so that if a program escapes from its UML instance it can't get far ;)