akdev1l 3 hours ago

If a sandbox is optional then it is not really a good sandbox. Naturally, even Flatpak on Linux suffers from this, as legacy software simply doesn’t have a concept of permission models and this cannot be bolted on after the fact.

okanat 3 hours ago

The containers are literally the "bolting on". You need to give the illusion that the software is running under a full OS, but you can actually mount the system directories as read-only.