Portals: Using GTK+ in a Flatpak

On his blog, Matthias Clasen announces the availability of some of the infrastructure for Portals, which are a way for Flatpak applications to reach outside of their sandbox."Most of these projects involve some notion of sandboxing: isolating the application from the rest of the system.Snappy does this by setting environment variables like XDG_DATA_DIRS, PATH, etc, to tell apps where to find their 'stuff' and using app-armor to not let them access things they shouldn't.Flatpak takes a somewhat different approach: it uses bind mounts and namespaces to construct a separate view of the world for the app in which it can only see what it is supposed to access.Regardless which approach you take to sandboxing, desktop applications are not very useful without access to the rest of the system. So, clearly, we need to poke some holes in the walls of the sandbox, since we want apps to interact with the rest of the system.The important thing to keep in mind is that we always want to give the user control over these interactions and in particular, control over the data that goes in and out of the sandbox."