I really appreciate the GrapheneOS security model with detailed permissions for every app, including internet access.
I’d like to have something similar to that on my main OS. I like to be able to install an app without trusting it. So that I can be more lax with the FOSS projects and the proprietary stuff I use.
I use my PC for gaming, programming and personal stuff. I have been using Fedora for quite some time.
I know that QubesOS exists, and would give me the highest security and privacy guarantees, but i’d prefer something more elegant. I havent tried Qubes in 10 years though 🤔
Am I limited to Flatpak with Flatseal and similar solutions to Flatseal for AppImage?
Edit: I have a ryzen iGPU and a seperate dedicated GPU
Have you looked into podman and Distrobox (which is a wrapper for podman), or toolbox? You can install non-flatpak apps in them, and if you want to get into the weeds, you can declare what each container’s permissions are.
"#### Security implications
Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain
docker/podmancontainer or a Flatpak."https://distrobox.it/#security-implications
Does not seem to be an ideal fit, but still interesting
Yep, just depends what your particular goals are. They wouldn’t have rootful access, but if you need more granular control, podman or docker are likely better suited.