Good questions! Under flatpak, WebKit will actually use flatpak-spawn
to create a flatpak subsandbox, instead of using its own bubblewrap
sandbox. So yes, WebKit's bubblewrap sandbox does not get used, but
there is a flatpak "subsandbox" instead. It effectively does:
$ flatpak-spawn
Hi,
One of the things I am wondering how does this fair with Flatpak'ed
applications, since its what we are recommending nowdays for users to use.
My understanding is that the webkit bwrap sandbox is only functional in
non-nested bwrap sessions which means that while the Flatpak apps might be
