* Paul Wise: > To fully solve the problem you need a whitelist based approach that > ends up something completely different like Flatpak.
Flatpaks don't work this way. Try installing gedit and open a file like ~/.ssh/id_rsa with it. There are no security prompts whatsoever, yet the software in a flatpak can read your SSH private key.