top | item 47094597

(no title)

necovek | 9 days ago

Flatpak and Snaps are built to solve this. They do conflict with some expectations from users to be able to play around with things, though, so they do not have the penetration one might want.

discuss

cosmic_cheese|9 days ago

They only cover the user-facing app part of the story. The rest of the system needs isolation and safeguards, too, including things like the desktop environment and whatever random daemon.

A solution that's integral to the system and not just loosely taped on is required.

necovek|9 days ago

For many services that was solved even earlier: that's why things like Docker, podman and VMs are so popular.

The hard bit is the desktop experience which is not fully there yet, but the technology is.

NewJazz|9 days ago

Flatpak provides very weak sandboxing compared to android. It was more about packaging and distribution than security.

necovek|9 days ago

https://docs.flatpak.org/en/latest/sandbox-permissions.html says otherwise.

Most apps not using tight hardening are for different reasons though (files/folders org).