by akyuu 1065 days ago
Flatpak permissions are very broad by default in most applications. Even if you manually override them by using Flatseal, some permissions like X.org or PulseAudio sockets are very problematic because these legacy protocols are not designed to be secure. Even if you manage to lock down permissions and only use modern apps that support Wayland and PipeWire, the Flatpak sandbox still exposes a lot of kernel attack surface because it blocks very few syscalls. I think they should add something similar to Win32k lockdown (ProcessSystemCallDisablePolicy) on Windows and disable insecure components like io_uring.

As for immutable distros, AFAIK Silverblue and others are immutable in the sense of package management, but there is actually no process to ensure the integrity of the full boot chain because the initrd can be trivially modified by the host and is unsigned. There is a UKI (Unified Kernel Image) proposal that will likely be the path going forward (at least in the Red Hat world), but I think it's still years away.

In my opinion, if you want to use Linux desktop securely, just use Qubes.
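An added example, not part of the comment above or of the Flatpak project: the static permissions akyuu describes live in each app's `metadata` file (an INI-style file whose `[Context]` keys `shared`, `sockets`, `devices` and `filesystems` are the ones Flatpak itself writes). The script below parses such a file and flags the entries a defender would look at first: the legacy X11 and PulseAudio sockets, unrestricted D-Bus, shared IPC, all devices, and whole-home or host filesystem access. The sample metadata, the `RISKY` table and its explanations are constructed for this example.

```python
"""Audit a Flatpak app's static permissions from its `metadata` file.

Constructed example; the [Context] key names and the `metadata` layout are
Flatpak's, the risk notes and the sample manifest below are my own.
"""
import configparser

# Constructed sample, roughly what a permissive desktop app ships with.
SAMPLE_METADATA = """\
[Application]
name=org.example.BroadApp
runtime=org.freedesktop.Platform/x86_64/23.08
command=broadapp

[Context]
shared=network;ipc;
sockets=x11;wayland;fallback-x11;pulseaudio;
devices=dri;all;
filesystems=home;xdg-download;
"""

# (key, value) -> why it matters. Removing the permission in Flatseal only
# helps if the app still works without it; x11 and pulseaudio are protocol
# problems, not just policy problems, as the comment above points out.
RISKY = {
    ("sockets", "x11"): "X11 has no client isolation: any X client can observe keystrokes and windows of others",
    ("sockets", "fallback-x11"): "grants full X11 access whenever no Wayland session is available",
    ("sockets", "pulseaudio"): "PulseAudio socket allows capturing audio from any source, not only the app's own",
    ("sockets", "session-bus"): "unrestricted session D-Bus: can drive other apps and portals without prompts",
    ("sockets", "system-bus"): "unrestricted system D-Bus: can talk to privileged system services",
    ("shared", "ipc"): "shares the host IPC namespace (needed by X11's MIT-SHM, weakens isolation)",
    ("devices", "all"): "access to every device node in /dev",
    ("filesystems", "home"): "the whole home directory (dotfiles, SSH keys, browser profiles); ':ro' limits it to reading",
    ("filesystems", "host"): "the host filesystem; ':ro' limits it to reading",
}


def parse_context(metadata_text):
    """Return the [Context] section as {key: [values]} with empty entries dropped."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(metadata_text)
    ctx = {}
    if cp.has_section("Context"):
        for key, value in cp.items("Context"):
            # Flatpak writes semicolon-separated lists with a trailing ';'
            ctx[key] = [v for v in value.split(";") if v]
    return ctx


def audit(metadata_text):
    """Return (key, raw_value, reason) for every entry that matches RISKY."""
    findings = []
    for key, values in parse_context(metadata_text).items():
        for raw in values:
            base = raw.split(":")[0]      # strip filesystem modifiers like ':ro'
            if base == "~":               # '~' is an alias for 'home'
                base = "home"
            reason = RISKY.get((key, base))
            if reason:
                findings.append((key, raw, reason))
    return findings


def report(metadata_text):
    """Human-readable summary; returns the number of findings."""
    findings = audit(metadata_text)
    for key, raw, reason in findings:
        print(f"[{key}] {raw}: {reason}")
    if not findings:
        print("no broad or legacy permissions found")
    return len(findings)


if __name__ == "__main__":
    report(SAMPLE_METADATA)
```

On a real system the file to feed in is `~/.local/share/flatpak/app/<app-id>/current/active/metadata` (or the same path under `/var/lib/flatpak`); `flatpak info --show-permissions <app-id>` prints the same section. The audit deliberately treats `fallback-x11` as a finding: on a machine without a Wayland session it is plain X11 access.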

1 comments

I fully agree with using Qubes, but I also think for most people in most cases that's akin to putting a bank vault door on the front of your house. I guess the question I would ask is: gun to your head, you have a choice between running a random Setup.exe in Windows, a .sh/.deb/.rpm in Linux, or a Flatpak. Which one are you choosing? 10/10 times I'm choosing the Flatpak myself. It might not be perfect, but it does seem better than most alternatives everyone uses all day every day.
> for most people in most cases that's akin to putting a bank vault door on the front of your house

If we are talking about a device in which you do banking, shopping, manage sensitive or work data, etc. then I think security should be a priority. For more casual use, I agree Qubes would be overkill.

> Which one are you choosing?

I'd rather execute Setup.exe inside Windows Sandbox or deny UAC prompts, or run a random macOS binary (provided SIP is not disabled), than a Flatpak. To be clear, I think Flatpak is an improvement, I'm glad it exists and I hope it continues evolving. But in my opinion, the Linux desktop still has a long way to go to catch up to Windows and macOS on security.