Interesting concept: Plash is a shell that inserts a library under programs through which all accesses to the file system are sent. This allows you to control which functions a program is actually allowed to execute. This time, it is not about protecting against user activities, but about protecting the user against activities of the program. Especially when installing programs that you do not know, you can sometimes catch Trojans - Plash helps here by explicitly only enabling the areas of the disk for the program that it actually needs.
For this purpose, all accesses to the file system are internally routed via a own mini-server - the actual program is executed under a freshly allocated user in a own chroot-jail, so it has no chance to do anything outside that is not explicitly allowed.
Very interesting concept, especially for system administrators. Unfortunately (as expected) it does not work with grsecurity - of course, grsecurity is supposed to help prevent some of the tricks used in Plash. In this case, it fails due to the requirement of executable stack.