• @sudneo
    link
    710 months ago

    Tbh, for me the value of flatpak is in the isolation (great for how easy it is to achieve), rather than the compatibility.

    For example, I run obsidian with no network access and fs access to just the path where my notes are stored. This is really reassuring considering I am not really sure what all the plugins might do. While it is not perfect, it’s much better than having it running natively in my box (I.e. root namespaces).

    • @[email protected]
      link
      fedilink
      110 months ago

      Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.

      • @sudneo
        link
        110 months ago

        It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.