

5·
17 hours agoFlatpak sandboxing is weak. For truly untrusted software like pirated games I’d definitely go for a different user which in Linux provides a very strong isolation.


Flatpak sandboxing is weak. For truly untrusted software like pirated games I’d definitely go for a different user which in Linux provides a very strong isolation.


I just use a different user with no privileges to run any pirated or suspicious software.
I’m not familiar with firejail, sorry. I guess that firejail (or regular containers with podman) can be ok for CLI tools which only need access to very specific paths, if any. But for graphical applications like games you probably have to grant a lot of access.
Using a separate user is simpler and it’s guaranteed that the software can only write to the home dir of the user (and other temp paths like /tmp that you don’t care). In case of problems, just wipe the home dir and you are good.