>I wouldn't trust flatpak enough to run a truly untrusted executable. I am sure flatpak's isolation is full of holes unrelated to windowing.
As compared to running untrusted programs completely naked?
>But I don't think a game purchased through steam counts as untrusted.
Bottles is there for people to run any Win32 program, not just Steam games. And I shouldn't have to tell you how many malicious Win32 programs there are.
Just google the criticisms of flatpak from a security perspective. They're out there.
Containerization on Linux was never intended to be a security feature for totally untrusted, malicious code. It's isolation for trusted code. If your scenario relies on securely running untrusted executables in a Linux container you are doing stupid things.
I am well aware of the weak points of Flatpak. But are you suggesting that running applications in a container is not more secure than running an executable completely naked?
You see: If you want absolute security, for sure, go for a full-fledged VM! Or run something like QubesOS. It is a completely reasonable decision.
However, malice certainly has degrees, and the "mildly malicious" programs most likely cannot take advantage of sandbox escaping exploits. If Flatpak can stop 95% of all attacks (relative to running a program completely without sandboxing), that is already a win in my book.
But I will note again that X11 is a big hole (as in, almost a complete free-for-all) for sandbox escaping in Flatpak.
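An added example, not code from anyone in the thread: the X11 hole above exists because any client connected to the same X display can read other windows, inject keystrokes (XTEST) and record input, so a sandboxed app with the `x11` socket is effectively unsandboxed against the rest of your session. The script below checks the permission dump that `flatpak info --show-permissions <app>` prints (the ini-style `[Context]` section of the app metadata) for X11 access and prints the `flatpak override` command that removes it. The three sample dumps and the app ID `com.example.App` are constructed for the example and not taken from a real app.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits a Flatpak's sandbox
# permissions for X11 socket access. Input is the ini-style text that
# `flatpak info --show-permissions <app>` prints; the samples below are
# constructed to mimic that format, not captured from a real app.

# Print "x11", "fallback-x11" or "none" for a permissions dump passed as $1.
# fallback-x11 only grants the X11 socket when no Wayland display is found,
# so on an Xorg session it is the same hole as x11.
x11_access() {
    sockets=$(printf '%s\n' "$1" | sed -n 's/^sockets=//p' | head -n 1)
    case ";$sockets;" in
        *";x11;"*)          echo x11 ;;
        *";fallback-x11;"*) echo fallback-x11 ;;
        *)                  echo none ;;
    esac
}

# Print the `flatpak override` command that drops X11 access for app ID $1.
# Run it yourself; an app without a Wayland backend will not start afterwards.
x11_override_cmd() {
    echo "flatpak override --user --nosocket=x11 --nosocket=fallback-x11 --socket=wayland $1"
}

# Constructed sample 1: X11 socket plus full host filesystem (common for
# Wine/Bottles-style setups).
SAMPLE_X11='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;'

# Constructed sample 2: Wayland only, no X11 socket.
SAMPLE_WAYLAND='[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;'

# Constructed sample 3: fallback-x11, which becomes x11 on an Xorg session.
SAMPLE_FALLBACK='[Context]
sockets=fallback-x11;wayland;'

# Audit every installed app when the flatpak CLI is present; skipped otherwise
# so the script still runs on a machine without Flatpak.
audit_installed() {
    command -v flatpak >/dev/null 2>&1 || return 0
    flatpak list --app --columns=application | while read -r app; do
        [ -n "$app" ] || continue
        perms=$(flatpak info --show-permissions "$app" 2>/dev/null) || continue
        printf '%-50s %s\n' "$app" "$(x11_access "$perms")"
    done
}

if [ "${1:-}" = "--audit" ]; then
    audit_installed
fi
```

Running the script with `--audit` on a Flatpak host lists each installed app with `x11`, `fallback-x11` or `none`; apps reporting `x11` are the ones for which the sandbox gives no protection against the rest of an X11 session, and `x11_override_cmd` prints the override that closes that socket for a given app. Removing the X11 socket does nothing for the other holes the thread mentions (`filesystems=host`, D-Bus policy, the kernel attack surface), so treat it as one line item of a review, not as the whole review.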
You seem to think a lot of things that aren't security boundaries are security boundaries. There have been VM escapes too. VMs are not for running untrusted OS images you get from end users.