>>100180357
The people working on Flatpak are doing their best, but from reading some GitHub issues it's clear they are badly overworked and not security experts. The person responsible for Flatpak's seccomp sandbox has said it isn't even his main responsibility and that he doesn't have much knowledge about seccomp and is learning along the way (https://github.com/flatpak/flatpak/issues/4466#issuecomment-939359257). The Flatpak seccomp filter is based on a blacklist rather than a whitelist, and many dangerous syscalls can't be blocked because applications rely on them (e.g. Firefox needs ptrace for the crash reporter). You also have to be careful and deny permissions such as /home filesystem access, because it lets Flatpak apps override their own permissions by design (https://github.com/flatpak/flatpak/issues/3637). X11/PulseAudio sockets are also dangerous, but that's not Flatpak's fault. Also, dangerous kernel components like io_uring are exposed (https://github.com/flatpak/flatpak/issues/5447), while Google disables them on their systems because of their exploitation potential.
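To make the blacklist-vs-whitelist point concrete, here is an added example (not from the post above and not Flatpak's own code) of a seccomp-BPF denylist in the same shape the post criticises: it fails the three io_uring syscalls with EPERM and allows everything else. A whitelist would be the inverse: default to RET_ERRNO or RET_KILL and explicitly ALLOW each syscall the app is known to need, which is exactly what becomes impractical once apps depend on things like ptrace. It assumes Linux on x86_64 or aarch64, and that the syscall numbers 425-427 (the generic-table values, with fallbacks for older headers) are correct for the build host.

```c
/*
 * Added example: a seccomp-BPF denylist that blocks io_uring_setup,
 * io_uring_enter and io_uring_register with EPERM and allows every other
 * syscall. Linux only; the AUDIT_ARCH_* selection covers x86_64 and aarch64.
 */
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for older headers; 425-427 are the generic syscall-table values
 * used by x86_64 and aarch64 (assumption: build host uses those numbers). */
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif
#ifndef __NR_io_uring_enter
#define __NR_io_uring_enter 426
#endif
#ifndef __NR_io_uring_register
#define __NR_io_uring_register 427
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install the denylist in the calling process. Returns 0 on success,
 * -1 with errno set if no_new_privs or the filter could not be applied. */
int install_io_uring_denylist(void)
{
    struct sock_filter filter[] = {
        /* 0-2: check the syscall ABI first; a foreign ABI (e.g. i386 int 0x80
         *      on an x86_64 kernel) has different numbers, so kill on mismatch */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3-6: load the syscall number and compare it against the deny set */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_io_uring_setup,    2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_io_uring_enter,    1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_io_uring_register, 0, 1),
        /* 7: denied: fail the call with EPERM rather than killing the app */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 8: anything not listed above is allowed; that default is what makes
         *    this a denylist rather than an allowlist */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    /* Required for an unprivileged process to install a filter; it also
     * prevents the filtered process from gaining privilege via setuid execs. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Attempt io_uring_setup() and return the errno it failed with (0 on success).
 * A NULL params pointer makes an unfiltered kernel answer EFAULT (or ENOSYS if
 * io_uring is absent), so EPERM here comes from the filter, or from the
 * io_uring_disabled=2 sysctl on kernels that have it. */
int probe_io_uring_setup(void)
{
    long fd = syscall(__NR_io_uring_setup, 1u, (void *)0);
    if (fd < 0)
        return errno;
    close((int)fd);
    return 0;
}

int main(void)
{
    int before = probe_io_uring_setup();
    if (install_io_uring_denylist() != 0) {
        perror("seccomp");
        return 1;
    }
    int after = probe_io_uring_setup();
    printf("io_uring_setup errno before filter: %d, after filter: %d (EPERM=%d)\n",
           before, after, EPERM);
    return after == EPERM ? 0 : 1;
}
```

The filter stays attached to the process for its lifetime and is inherited across fork and execve, which is also why the ptrace example in the post bites: once a syscall an app needs is on the deny list there is no way to carve out "only the crash reporter", short of not denying it at all.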