hack3rcon wrote:I want to install an application on Debian 10.6 x86_64, but I don't like this application hurt my system or steal anything from my Debian box.
As usual, the name of this application is a trade secret ...
If the application is potentially harmful (f.e. unsigned, closed source and/or downloaded from untrusted site), then there is no way assure safety. It's because for the application to work, You need to grant it some basic privileges, like f.e. for accessing audio, video, network interfaces, D-BUS, shared memory - or all of them at the same time.
Real-life example: Skype - sandboxing it makes no sense, because the end user is required to grant it an access to audio, video and the network - so it can be used as a perfect surveillance tool, no matter how good the sandboxing system is.
No sandboxing method can protect from user stupidity...
EDIT:
Head_on_a_Stick wrote:
hack3rcon wrote:4- Flatpak
The "sandbox" offered by flatpak is pure marketing bullshit:
https://www.flatkill.org/2020/
But the best sandbox of all would be a virtual machine. (...)
In addition, Flatpak looks "flat" for the developers only - for the end-users it's a bloatpak - f.e. because it prevents reusing of shared libs, which is a solution known from Winblows9x, where applications were required to install their own versions of various runtime libs.
I agree that VM is probably the best solution, with the exception that it can't protect from externally controlled applications like Skype or Zoom.