> When it asks me to open a file, or a directory, it should invoke a system dialog that cannot be faked, and when I pick a file/directory for it, that directory or file should be bind-mounted into its mount namespace without giving it extra information about other files beside it, or indeed what's the full path of the file. When recording a screen, I should be able to pick which regions and which applications it should be able to see, and the system should make it think it's all there is.
You've described exactly what flatpak is doing? I'm curious what gaps you see with its approach in particular.
If it’s important to you that an application doesn’t need to cooperate, then that’s something Snap has an answer for. I don’t remember the name of it or if it got past the proposal stage, but it’s like “if an app opens a file, intercept the syscall and show a dialog.” I think it’s a disgusting solution to a non-problem (it was demoed with Firefox which has dutifully cooperated with our shit for decades). But it’s interesting :)
Omg I keep finding myself back here. It was bugging me especially that I couldn’t remember, but I found it! This is the thing: https://discourse.ubuntu.com/t/ubuntu-desktop-s-24-10-dev-cy...
Oh wow, this is a killer feature of snap. I would love to see that in flatpak, but development is slowing down: https://lwn.net/Articles/1020571/