> Yes, and then there is XDG which expects exactly that, which then leads to > other hacks to soften the isolation of said containers, or the inclusion of > files which the go out of sync and out of date compared to what is in the > real /etc. If I need hard sandboxing to stop such behaviour, then there is a > serious bug in the spec. ;)
Flatpak generally provides indirect access to system libraries through “runtimes”, so in order to provide access to, for example, whatever library you’re working on, the library itself could be added to the Freedesktop runtime, which would then provide properly sandboxed access to that library. Filesystem access within $HOME is generally provided through “portals” on Flatpak though I don’t really understand how those work, yet. — P.S. FYI your email client seems to add hard line breaks to soft-wrap text, which renders really strangely on my device. (And I wasn’t sure about the etiquette for quoted email history. I don’t know how much of the peculiarity is just down to how mailman works versus how various email clients work, since some of these issues other mailing-list platforms handle somewhat more gracefully.)
