Everybody knows that allowing different applications unlimited access to each other’s data is not exactly optimal from a security point of view. While servers have enjoyed containers to isolate applications from each other, we lack a good solution for the desktop. Or do we? There is, obviously, flatpak. Unfortunately, flatpak present itself as a “Linux application sandboxing and distribution framework”. This will not do. I already have a distribution. I’m pretty happy with it.

Nice series of blog posts I found detailing how to use bubblewrap (the sandboxing tool used by Flatpak) to sandbox regular programs.