I was under the impression Flatpaks are sandboxed. (I am not an expert.)
Flatpak is a utility for software deployment and package management for Linux. It provides a sandbox environment in which users can run application software in (partial) isolation from the rest of the system.
The most simple but also least effective sandbox type is the container or wrapper sandbox that builds an isolated process environment and then executes the target application inside.
Flatpak provides an isolated runtime environment using a container type sandbox to execute the target application inside.
… there are two issues that prevent flatpak from providing a real sandbox environment…
I was under the impression Flatpaks are sandboxed. (I am not an expert.)
I also keep Ungoogled Chromium around as a last resort (AppImage in my case).
Flatpaks are as sandboxed as the sandbox settings you give them, check out if the defaults are satisfactory on Flatseal before running it.
Flatpak is not a sandbox
https://hanako.codeberg.page/
Thanks for the info.
Personally, I’ve been avoiding Flatpaks anyway on my main machine, but not out of security concerns. Mainly to do with size and the update frequency.
Even the author says Flatpak is a sandbox.
Just that it’s no true scotsman, I mean sandbox.