Comment 18 for bug 933440

@Jamie Strandboge
I tried to use proposed1. It's almost fine, but:
1. one has to add ssl_certs abstraction
2. looks like skype _requires_ "owner /dev/shm/pulse-shm* m," and "/dev/snd/* m," to play audio.
3. skype sometimes tries to access .mozilla, but I think it's up to end-user to allow or deny this.
4. probably one needs to add something like "owner @{PROC}/[0-9]*/fd/ r,"

Concerning 'mmap a file executable': do you think that it is dangerous?