flatpacks falling flat, packing bugs, snaps snapping resources, both suck

> systemd's sandboxing system is quite fine granular as you can set up certain paths to be read-only, others to be read/write, restrict capabilities etc. However, this setup is required before the program is started

Flatpaks also have their own internal store that they can access freely without any permissions. They also have an option to statically require RO or RW access to specific parts of the host filesystem (like systemd daemons).

> <...> and you can grant it access to the rest of the non-system parts of the file system via Android's permission system

Like you said, in Android's case, this likely only works because *almost all* storage is compartmentalized. So "non-system parts of the file system" is basically "free-form user files". There's no way for an app to abuse this grant to access system files or, importantly, other apps' files.

On Linux, this is not an option — direct filesystem access (even limited to non-system files) is a much broader brush. Except, maybe, if you filter all the dotfiles via some kind of security layer (and even then, you'll eventually get stuck with either false-positives or false-negatives).

Perhaps what's missing is just an ability for an app to request access to the containing directory along the user-picked file, or request access to a precomputed path. Does not sound like a *fundamental* problem to me — has anyone tried asking the XDG guys to add this to the relevant portal spec?