Oddbean

ironically, snaps are containerization, but the problem of permission to access files is the actual problem android has a permission you have to enable for any app you want to read the base system disk... snaps don't seem to have that working right, and it should just be default on with the app config folder in the expected location... you'll have fun discovering it's the same problem more generally i don't like it, i prefer to install apps on the base system about the only app that i think has a real security need to do it is browsers, so actually what would make more sense is to install everything else normally but dumb shit with dumpster fire capacity to run arbitrary code should be in containers if it can't run arbitrary code it's literally not a vulnerable system, assuming it doesn't have stack smashing or other buffer overflow vulnerabilities... for the most part, boost, and most languages have plugged that one up anyway it's really just the "it can run arbitrary code" problem... it would be solved if the execution engine itself was containerised but what about when you want to download files to the rest of the filesystem? that again requires a permission the real elephant in the room about containerizing apps is literally the web browser engine