I’ve been thinking. Android implements app permissions on top of Linux, Flatpak does it too. But why is it it’s not part of the kernel?
Like all executable files would be sandboxed and would only be able to access syscalls and parts of the file system if they were allowed to. Making sandboxing the default instead of having to restrict programs.
I’m not a kernel developper so this question may be naive, but it bothers my mind. I guess part of it is because of historical reasons but are there any practical ones that make it not feasable?
EDIT : Thank you all for your answers, almost all of you were very nice and explained things clearly
I think I’ve used one once or twice, but haven’t delved into the system. I haven’t spent time comparing snaps and flatpaks, either.