I was under the impression Flatpaks are sandboxed. (I am not an expert.)
Flatpak is a utility for software deployment and package management for Linux. It provides a sandbox environment in which users can run application software in (partial) isolation from the rest of the system.
The most simple but also least effective sandbox type is the container or wrapper sandbox that builds an isolated process environment and then executes the target application inside.
Flatpak provides an isolated runtime environment using a container type sandbox to execute the target application inside.
… there are two issues that prevent flatpak from providing a real sandbox environment…
I was under the impression Flatpaks are sandboxed. (I am not an expert.)
I also keep Ungoogled Chromium around as a last resort (AppImage in my case).
Flatpak is not a sandbox
https://hanako.codeberg.page/
Even the author says Flatpak is a sandbox.
Just that it’s no true scotsman, I mean sandbox.
Flatpaks are as sandboxed as the sandbox settings you give them, check out if the defaults are satisfactory on Flatseal before running it.