The other kind of sand boxing isn't implemented yet. It will require kdbus and "Portals" (similar to Android's "Intents" http://www.phoronix.com/scan.php?pag...tem&px=MTI5NDQ
It will probably have a special SDK, so developers can target that instead of the underlying OS.
The thinking is, that this allows app developers to potentially target all Linux distros at the same time, and will be a tremendous boost for Linux based phones and tablets.
A problem now a days is, that Linux has a small desktop userbase, and even that base is fragmented into countless variations. This makes it hard to convince e.g. the local Metro train company, or bank to develop a Linux app, and if they do, they tend to only target large userbase Linux distros like Fedora or Ubuntu.
A stable SDK and API that potentially works across all Linux distros will make it much more attractive for third party developers.
This kind of sandboxing will of course also be of great use for normal programs: as it is now, a browser can read/write everywhere the user can, even do it without user permission too. This is bad when a browser gets compromised, since it can steal information or plant a trojan or similar.
When sandboxed the browser may be limited to certain directories and if it wants to read a file, it doesn't do it directly, but will have to ask the "Portal" to fetch it, ensuring that the user can give it permission or deny the request.