Tbh, for me the value of flatpak is in the isolation (great for how easy it is to achieve), rather than the compatibility.
For example, I run obsidian with no network access and fs access to just the path where my notes are stored. This is really reassuring considering I am not really sure what all the plugins might do. While it is not perfect, it’s much better than having it running natively in my box (I.e. root namespaces).
Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.
It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.
Tbh, for me the value of flatpak is in the isolation (great for how easy it is to achieve), rather than the compatibility.
For example, I run obsidian with no network access and fs access to just the path where my notes are stored. This is really reassuring considering I am not really sure what all the plugins might do. While it is not perfect, it’s much better than having it running natively in my box (I.e. root namespaces).
Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.
It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.