by admiun 3782 days ago
This just shows we really do need a step towards an 'appstore-like' permissions model for desktop operating systems. There is just no reason for all these software packages to have full write access to everything in your user account.

You know, Thinstall (later VMware ThinApp) has existed since 2001. I'm surprised its particular breed of containerization (effectively an LD_PRELOAD shim that defines virtualized versions of libc calls) never took off. It was perfect for providing this kind of "isolation": the kind where you want the app to "not make a mess of things"—but aren't aiming for container-like isolation-based security, because the apps you're running are known quantities (if stupid ones).

It's interesting, also, that Windows' WoW16, and then WoW64, both provide their own levels of filesystem virtualization for "messy" apps... but those same constraints aren't pushed on "native" apps.

I still don't really understand why no OS just virtualizes every app's filesystem, without having to opt into something like sandboxing. It'd actually be able to provide a much nicer programming model, a lot like Plan9: just spew all your program's files into the virtualized equivalents of system directories, because they're directories that are really just for you. No subdirectories; you just put configuration right in /etc, manuals right in /usr/share/doc, etc.

That could then be combined really well with a database-filesystem: going in the file manager to /usr/share/doc would display a "virtual library directory" with virtual subdirectories for each app-container that had made use of the directory. (Or you could skip the virtual subdirectories and get a merged view. Good for e.g. a Fonts directory.)
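The LD_PRELOAD-shim approach the reply describes, as an added example written for this page (it is not ThinApp's code, nor anyone's product). It interposes libc's `open()` and redirects paths under a few "system" directories into a per-app overlay root, so the app's writes land in its own tree while reads still fall through to the real file when the overlay has no copy, giving the merged view the reply mentions. The environment variable `APP_VFS_ROOT`, the `VIRTUAL_PREFIXES` list and the function names are assumptions made for this example.

```c
/* Added example: a minimal LD_PRELOAD filesystem-virtualization shim.
 * Build and use (assumed names):
 *   cc -shared -fPIC -o vfs_shim.so vfs_shim.c
 *   APP_VFS_ROOT=$HOME/.vfs/myapp LD_PRELOAD=./vfs_shim.so ./myapp
 * Writes to /etc, /usr/share/doc or /var/lib are redirected beneath
 * APP_VFS_ROOT; reads try the overlay first and fall back to the real file. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Directories this example virtualizes (assumed policy, not a real product's list).
 * Prefixes end in '/' so "/etcetera" does not match "/etc". */
static const char *const VIRTUAL_PREFIXES[] = {
    "/etc/", "/usr/share/doc/", "/var/lib/", NULL
};

/* Map `path` into the overlay rooted at `root`.
 * Returns 1 and writes root+path into `out` when `path` is under a virtualized
 * prefix; otherwise (or if the redirected name would not fit) copies `path`
 * unchanged into `out` and returns 0. Pure, so the policy is unit-testable
 * without preloading anything. */
int virtualize_path(const char *path, const char *root, char *out, size_t outlen)
{
    for (const char *const *p = VIRTUAL_PREFIXES; *p; ++p) {
        if (strncmp(path, *p, strlen(*p)) == 0) {
            int n = snprintf(out, outlen, "%s%s", root, path);
            if (n >= 0 && (size_t)n < outlen)
                return 1;
            break;  /* would truncate: pass through rather than open a wrong name */
        }
    }
    snprintf(out, outlen, "%s", path);
    return 0;
}

/* Call the next `open` in the link chain (normally libc's), bypassing our own. */
static int next_open(const char *path, int flags, mode_t mode)
{
    static int (*real_open)(const char *, int, ...);
    if (!real_open)
        real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    return real_open(path, flags, mode);
}

/* Interposed libc entry point. The variadic mode argument is only present
 * when O_CREAT is set, so it is read out exactly as libc does. */
int open(const char *path, int flags, ...)
{
    mode_t mode = 0;
    if (flags & O_CREAT) {
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    const char *root = getenv("APP_VFS_ROOT");
    char redirected[PATH_MAX];
    if (root == NULL || !virtualize_path(path, root, redirected, sizeof redirected))
        return next_open(path, flags, mode);          /* not virtualized: pass through */

    int writing = (flags & (O_WRONLY | O_RDWR | O_CREAT | O_TRUNC)) != 0;
    int fd = next_open(redirected, flags, mode);
    if (fd >= 0 || writing)
        return fd;                                     /* writes always stay in the overlay */
    return next_open(path, flags, mode);               /* read miss: merged view of the real tree */
}
```

This is the "don't make a mess" flavour the reply contrasts with security isolation, and the code shows why it is only that: it covers one libc entry point (a fuller shim would also wrap `openat`, `fopen`, `stat`, `rename`, `unlink` and friends, and create missing parent directories in the overlay), and anything that bypasses libc, such as a statically linked binary or a direct system call, sees the real filesystem. Containment of a cooperative, merely untidy app is the goal; a hostile one needs kernel-enforced sandboxing.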