Flatpak Sandbox Analysis
jannes.schmidt
jannes.schmidt at proton.me
Tue Nov 29 16:04:10 UTC 2022
Came across an article with some good points on how to improve Flatpak's sandboxing feature: https://hanako.codeberg.page/
tl;dr:
1. Flatpak's sandboxing advertisement gives a false sense of security since pretty much all official apps on Flathub are vulnerable to sandbox escape - so maybe call it a container instead.
2. Provide an optional sandbox mode in Flatpak that restricts application features but actually creates a process environment that cannot be trivially escaped.
The full article is worth a read and from what I have seen on Reddit, many users actually rely on Flatpak apps as being sandboxed by default.
- Jannes