• intrepid@lemmy.ca
    link
    fedilink
    arrow-up
    1
    ·
    11 months ago

    Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.

    • sudneo@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.