> Therefore, your criticism of app sandboxing is more for Arch than Omarchy IMHO.

I've never been an Arch user but deeply respect the project since their wiki has always been my favorite documentation.

From what I understand, Arch is very much DIY, non-opinionated, and you need to decide and build the security level / strategy that fits your needs. It seems you can go Flatpak, SELinux but only if you want.

I was kind of lurking for an equivalent of SecureBlue in the Arch world, meaning an Arch-derived distro with a strong security posture. Allowing me to get started without worrying too much about it.

At the end of the day, you do you, but my experience with SELinux is that using it on the desktop is vastly overkill.

At a high level, the essence of SELinux is to limit the possibilities of exploitation and escalation by carefully specifying which process can access which resources in which context. Now that makes sense for a server opened to the www, or a host shared with untrusted users. But Omarchy is a _sole developer_ focused flavor of Arch Linux, think your typical dev laptop. There's no service exposed there, you most likely can't even listen on the internet behind your typical home router. The realistic threats that you face are your laptop being stolen (which is why LUKS is a default) or your laptop sitting unlocked (which is why hypridle & hyprlock are a default).

Of course there's always the tails of a compromised software, but it's much more unlikely.