The container runs a local host server for use in a browser and is untrusted for development reasons. It needs to be treated as an advanced black hat. Its primary goal is recon and sending critical information via advanced connectionless protocols of unknown type. While extremely unlikely, it should be assumed to have access to proprietary systems and keys such as Intel ME and a UEFI shim of some sort. It may also use an otherwise trusted connection such as common git host, CDN, or DNS to communicate. It tries to access everything possible, key logger, desktop GUI, kernel logs, everything.
What is the Occam’s Razor of solutions that best fit the constraints in your opinion? Other than the current solution of air gap.
Yes, I understand Flatpak does some seccomp syscall filtering. It still isn’t enough to consider a secure sandbox where the threat model is that the app is untrusted. Bubblewrap is generally considered a weak sandbox and isn’t “secure by default”, allowing for easy footguns.
LXC/Incus does support proper VMs but it isnt as common.
Neither are really designed to run untrusted apps.
LXC is namespaces only, maybe you’re thinking of libvirtI stand corrected about LXD, never knew it did that, weird I don’t know why you’d wanna do that instead of using libvirt.Flatpack uses namespaces. And unless you have it disabled in the kernel, namespaces can be nested. There’s nothing stopping a browser running a flatpack from using namespaces itself.
Not to say that you are incorrect about namespaces vs security. Namespaces are not as secure as a VM.
Flatpakbapps cant use namespaces. Flatpak (the software) uses namespaces but Flatpak apps can not.