• sudneo@lemmy.world
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    11 months ago

    Tbh, for me the value of flatpak is in the isolation (great for how easy it is to achieve), rather than the compatibility.

    For example, I run obsidian with no network access and fs access to just the path where my notes are stored. This is really reassuring considering I am not really sure what all the plugins might do. While it is not perfect, it’s much better than having it running natively in my box (I.e. root namespaces).

    • intrepid@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.

      • sudneo@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.