The policy for desktop applications keeps getting larger and more complex and doesn't seem likely to do much good. We have the xdg-desktop-portal package which is described as: xdg-desktop-portal provides a portal frontend service for Flatpak, Snap, and possibly other desktop containment/sandboxing frameworks. This service is made available to the sandboxed application, and provides mediated D-Bus interfaces for file access, URI opening, printing and similar desktop integration features. . The implementation of these interfaces is expected to require user confirmation before responding to the sandboxed application's requests. For example, when the sandboxed application ask to open a file, the portal implementation will open an "Open" dialog outside the sandbox, and will only make the selected file available to the sandboxed app if that dialog is confirmed. . xdg-desktop-portal is designed to be desktop-agnostic, and uses a desktop-environment-specific GUI backend such as xdg-desktop-portal-gtk to provide its functionality. This application is used by Chromium so that the app can run in a sandboxed manner. I think it would make sense to have more applications run in a sandboxed manner and use xdg-desktop-portal for their access to files outside their own sandbox. This would give the security benefits we aim to get from the SE Linux application policy but with greater restrictions (applications can't access each other's files without the user explicitely allowing it) and also providing those benefits to users who don't use SE Linux. It would also be possible for the sandbox supporting launcher to have SE Linux integration and use different MCS categories for the different applications or something. What I would like to see is regular desktop apps get some of the separation that Android apps get. What do you think? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/