Containers are an attempt to solve multiple issues. One is being a replacement for bundles. When people sell and distribute a proprietary app/game, they presumably want it to run on as many systems as possible with as little effort as possible. Having to rely on volunteer maintainers is not good, and neither is having to maintain a lot themselves. Software bundles with all libraries included are the traditional solution to this on all operating systems. Flatpak seems like an even easier solution.

The real issue in this discussion is security. Traditional GNU/Linux is too monolithic. Having more separation between an application and lower system layers adds security, just like not using root for running a Web server and using separate user accounts for e.g. a Web server and an XMPP server does. Well-behaved software uses the self-sandboxing you are talking about: dropping capabilities, revoking privileges.

Two issues remain: Presumably most software (online games in particular) does not properly self-sandbox and is not secured very well. It’s safest not to install such software on your work PC, but you may still wish to somewhat protect your gaming PC. Despite not knowing the software that well, we can try to constrain its privileges via containers/bubblewrap/firejail.

What’s still missing, however, is proper filesystem isolation. Not every program needs to have access to any file in my home directory. More separation here is good for security. I don’t want to create a new user account for each app. I do want to use something like the new xdg desktop portals. I also want to hide what other software I have installed.

I planned to do something with many small Arch Linux filesystems with inheritance through hardlinks, but maybe embracing Guix as an additional per-user package manager is a better approach?

The same missing separation may be a reason to use Mach/Hurd over Linux. Of course that is still in its infancy.

Regards,
Florian Pelz
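As an added example of the bubblewrap approach mentioned in the message above (this is not code from the post or from the Guix project), the launcher below gives an untrusted program a private directory in place of the real home, so that the only files it can read or write persistently are its own. It assumes bwrap 0.4 or newer (for the `--ro-bind-try` options), a GNU/Linux host with `/usr`, and a per-app home base under `~/.local/share/bwrap-homes`, which is this example's own convention; the `SANDBOX_NET` variable and the app-name check are also assumptions of the example, not bwrap features.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): a bubblewrap launcher that
# replaces the real $HOME with a per-app private directory.
# Assumptions: bwrap >= 0.4 (for the *-try binds), a GNU/Linux host with
# /usr, and the per-app home base below (an arbitrary choice of this example).
set -euo pipefail

# Host-side base directory holding one private home per app (override via env).
SANDBOX_HOME_BASE="${SANDBOX_HOME_BASE:-$HOME/.local/share/bwrap-homes}"

# Print the bwrap argument list for APP, one argument per line.
# Set SANDBOX_NET=1 to keep the network (e.g. for an online game).
sandbox_args() {
  local app="$1"
  # Refuse names that could escape the base directory ("../x"), hide the
  # directory (".x"), or be parsed by bwrap as an option ("--dev-bind").
  case "$app" in
    ''|*/*|.*|-*) echo "sandbox_args: bad app name '$app'" >&2; return 1 ;;
  esac
  local private_home="$SANDBOX_HOME_BASE/$app"
  local -a args=(--unshare-all)       # fresh user/pid/net/ipc/uts/cgroup namespaces
  if [ "${SANDBOX_NET:-0}" = 1 ]; then
    args+=(--share-net)               # keep the host network; valid only with --unshare-all
  fi
  args+=(
    --die-with-parent                 # sandbox dies when the launcher dies
    --new-session                     # setsid(): no access to the launching terminal
    --ro-bind /usr /usr               # system software stays visible, read-only
    --ro-bind /etc /etc
    --ro-bind-try /lib /lib           # only present on non-merged-/usr hosts
    --ro-bind-try /lib64 /lib64
    --ro-bind-try /bin /bin
    --ro-bind-try /sbin /sbin
    --proc /proc
    --dev /dev
    --tmpfs /tmp
    --bind "$private_home" "$HOME"    # the app's $HOME is really this directory
    --setenv HOME "$HOME"
    --chdir "$HOME"
  )
  printf '%s\n' "${args[@]}"
}

# Run COMMAND... as APP inside the sandbox: run_sandboxed APP -- COMMAND...
run_sandboxed() {
  local app="$1"; shift
  [ "${1:-}" = "--" ] && shift
  local list
  list=$(sandbox_args "$app")         # aborts under set -e on a bad app name
  local -a args
  mapfile -t args <<< "$list"
  mkdir -p "$SANDBOX_HOME_BASE/$app"
  bwrap "${args[@]}" -- "$@"
}

# When run as a script, e.g.
#   bash sandbox.sh demo-game -- sh -c 'ls -A "$HOME"; ls /home'
# "$HOME" lists only the private directory's contents and /home holds
# nothing but that one bind-mounted directory.
if [ "$#" -gt 0 ]; then
  run_sandboxed "$@"
fi
```

The quick check is the `ls -A "$HOME"` run inside the sandbox: it must show only what the app itself wrote there, never the real home directory. Note what this does not do: `/usr` is bind-mounted read-only in full, so the sandboxed program can still see every package installed there; hiding the rest of the installed software, the other wish in the message, would need a per-app view of the system directories (the per-user profiles mentioned for Guix are one way to build one) rather than a bind of the shared `/usr`.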