I really appreciate the GrapheneOS security model with detailed permissions for every app, including internet access.
I’d like to have something similar to that on my main OS. I like to be able to install an app without trusting it, so that I can be more lax with the FOSS projects and the proprietary stuff I use.
I use my PC for gaming, programming and personal stuff. I have been using Fedora for quite some time.
I know that QubesOS exists, and would give me the highest security and privacy guarantees, but I’d prefer something more elegant. I haven’t tried Qubes in 10 years though 🤔
Am I limited to Flatpak with Flatseal and similar solutions to Flatseal for AppImage?
Edit: I have a Ryzen iGPU and a separate dedicated GPU
Flatpak isn’t as strong a sandbox as Android. But if you tweak permissions, it can be deemed good enough.
If you really wanted security, you’d want to learn SELinux, but that’s a whole rabbit hole of complexity.
Maybe checking out Secureblue would be something to consider?
You might have some luck with Bubblejail or Firejail. Alternatively, you might want to give one of the Universal Blue images a try. They’re Fedora-based but immutable. Almost all installations are purposely done in a container using Flatpak or Distrobox.