You're wrong. The obsidian flatpak ships by default with access to /home. https://github.com/flathub/md.obsidian.Obsidian/blob/5e594a4...

I „love” such sandboxing defaults. Apps like Docker Desktop also share the whole home by default [1], which is pretty interesting if a big selling point is to keep stuff separated. No idea why node_packages need to have access to my tax returns :). Of course you can change that, but I bet many users keeps the default paths intact.

[1] https://docs.docker.com/desktop/settings-and-maintenance/set...

Needed for volume mounting to work easily I assume.

Yeah, I forgot there’s the intermediate VM level, and user folders are shared there so that folders could be mounted to the individual containers using host paths.

Interesting, I thought I had to turn that on for Obsidian!

The first time I started installing flatpaks I ran into a bit of permission / device isolation trouble and ever since then, I use flatseal after installing an app to make sure it actually has access to things.

I guess I misremembered in the case of Obsidian.

So if I run their software in a container they can't access my entire filesystem. I don't think that is a security feature.

It sounds like if I ever run obsidian I should be using flat seal too.

Er, what?

I'm not claiming it's a security feature of Obsidian, I'm saying it's a consequence of running a flatpak - and in this situation it could be advantageous for those interested.

Sorry, it genuinely sounded to me like you were saying that it's not a problem because flat pack.

No, lol