
Is it not possible to have a client / desktop OS where each app runs in its own container by default with its own writeable filesystem... I would have thought that's beneficial from a security perspective as well as making things easier to separate...


> Is it not possible to have a client / desktop OS where each app runs in its own container by default with its own writeable filesystem...

We have several "container as app" solutions around:

* Microsoft Universal Windows Platform;

* Canonical snaps;

* Flatpak;

* containertoolbx/Distrobox (this one is very DIY and what I use);

It's just that (as of now) most apps rely (and are allowed to be deployed in "stores") on very leaky container isolation (like full filesystem access), so they might as well not be deployed inside containers in the first place.


Flatpaks do exactly that.
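The "leaky container isolation (like full filesystem access)" point above can be checked per app for Flatpak. This is an added example, not part of the thread or of any project's code: it parses the `[Context]` group of a Flatpak metadata keyfile and reports `filesystems=` grants covering the whole host or home directory. The two sample keyfiles, the app names and the choice of `host` and `home` as the "broad" set are assumptions made for illustration.

```python
import configparser

# Grants treated here as "full filesystem access" (an assumption of this example).
BROAD = {"host", "home"}

# Constructed sample metadata, in the keyfile layout Flatpak uses.
LEAKY = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download:ro;
"""

TIGHT = """\
[Application]
name=org.example.Viewer

[Context]
sockets=wayland;
filesystems=xdg-download:ro;!home;
"""

def filesystem_grants(metadata_text):
    """Return the non-empty entries of filesystems= in the [Context] group."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the keyfile
    cp.read_string(metadata_text)
    raw = cp.get("Context", "filesystems", fallback="")
    return [entry for entry in raw.split(";") if entry]

def broad_grants(metadata_text):
    """Return (location, mode) pairs that expose the whole host or home."""
    found = []
    for entry in filesystem_grants(metadata_text):
        if entry.startswith("!"):  # negated entry: access is removed, not granted
            continue
        name, _, mode = entry.partition(":")
        if name in BROAD:
            found.append((name, mode or "rw"))  # no suffix means read-write
    return found

if __name__ == "__main__":
    for label, text in (("leaky", LEAKY), ("tight", TIGHT)):
        print(label, broad_grants(text))
```

For an installed app, the same keyfile text is what `flatpak info --show-metadata <app-id>` prints.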




