Most snaps and flatpaks run with full home access.
Snaps only provide sandboxing when run with the Ubuntu AppArmor policy.
Snaps offer zero security without special configuration on other distros.
Sandboxing desktop applications on Linux won't happen until distros start shipping strict SELinux policies that properly confine programs like Android does.
Along with flatpak/systemd taking allowlisting seriously combined with stricter seccomp filters.
Please, if you maintain any packages with systemd units, go read this right now and harden them; it should only take a few minutes: https://www.freedesktop.org/software/systemd/man/systemd.exe... Verify them using 'systemd-analyze security $unit'.
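
A hardening drop-in of the kind the comment above asks maintainers to add, shown as an added example that is not part of the original comment. The unit name `example.service` and its state directory are assumptions, and each setting has to be loosened to what the real daemon actually needs.

```ini
# /etc/systemd/system/example.service.d/hardening.conf
# (example.service is a hypothetical unit name)
[Service]
# Filesystem: read-only OS, no access to home directories, private /tmp.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# The only writable path: /var/lib/example (assumed state directory).
StateDirectory=example
UMask=0077

# Privileges: empty capability set, no privilege gain through setuid binaries.
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictSUIDSGID=yes

# Kernel interfaces the service has no reason to touch.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible

# Allowlists: socket address families and system calls (seccomp).
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
# Start from the @system-service allowlist, then subtract two groups from it.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM

# After adding the drop-in:
#   systemctl daemon-reload && systemctl restart example.service
#   systemd-analyze security example.service
```

Apply the settings incrementally and watch the journal for denied calls; `MemoryDenyWriteExecute=yes`, for instance, breaks programs that rely on a JIT.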