Flatpak, Firejail

But they also sidestep some of the problems the traditional repositories and packages bring. Hopefully it would be the best of both, of course.

Well sandboxing could be one, if properly implemented.

From what I've seen, neither snapd or flatpak does sandboxing -- only firejail. Which the latter seems more like a viable choice considering it sanboxes -and- has some security features that flatpak and snapd does not.

I'm pretty certain that flatpak sandboxes stuff.

flatpak --user for installing gnome apps on kde machines and appimages for kde apps on gtk/gnome boxes.

I think both snaps and flatpak both have some sort of sandboxing, though not on the level of firejail. But I think firejail is a completely different beast, its purpose is to sandbox while flatpak and snap are about software distribution.
It definitely has "permissions" of sorts, though the issue is that the flatpak itself tells what permissions it needs.

They may both be known for sandboxing applications, but firejail is more suited for actual security and isolation. Flatpak brings compatibility on top of sandboxing.

Well, the whole comparison is strange

Flatpaks pretty much solve the backwards compatibility of Linux, don't they? With flatpaks you can install whatever software without having to worry about dependencies.

>linux finally caught up to linux

>not COM

fake tits are gross and gay

no u

just like ur post lmao

Say there's an app that has a shitload of dependencies that you wouldn't use with any other program and you only boot it up every now and then when the situation calls for it. You don't want a ton of new packages cluttering your system, and you don't want them updating and breaking the one app that relies on them, or the app updating and needing newer versions of the libraries, etc.

For me, this is VLC and Calibre. Flatpak is useful for that.

Attached: nixos-logo-only-hires-print.png (1183x1024, 64K)

You've got a point.
Now I've got a strong urge to reinstall my distro and attempt to stick as much apps as I can inside my flatpak.

Not sure if you're just confusing firejail with snap or if you just don't really know what firejail is, because its not really related to flatpak at all.

You might be interested in this docs.fedoraproject.org/en-US/fedora-silverblue/

Agreed.

Oh, nvm. I just checked it out and there's a bunch of packages missing -- it looks incomplete as fuck.

Question for you anons. Why do Flatpaks and Snaps come with sandboxing when Firejail does it better. Moreover, why does Flatpak even exist when it only targets desktop applications?

firejail is a bloated monster that works with a blacklist system, which isn't a good idea security wise.
i'd prefer raw bubblewrap, which is what flatpak uses.

Doesn't it make sense to include sandboxing in flatpaks and snaps instead of relying on third party sandboxing?

firejail is a security risk it increases the attack layers by tenfold, search about setuid and posts on reddit from security researchers, it's a nightmare
flatpak is the best option by far and they are slowly implementing all the pieces you need to a proper full sandbox e.g. pipewire
I make my own flatpaks for about 50% of all the software I use, it's like a portable compile system that doesn't bloat your main system (don't be a retard and talk about disk usage)

oh and its a good way to contain the botnet when youre forced to install crap and vms are tiresome after you already have a few of them

Flatpaks are sandboxed you fucking retards