Purism is focused on using Flatpaks for their apps for PureOS/Librem 5. A “Flatpak (formerly xdg-app) is software that is advertised as having a sandbox environment in which users can run application software in isolation from the rest of the system. Applications using Flatpak need permissions to have access to Bluetooth, sound (with PulseAudio), network, files, etc., permissions that are defined by the maintainer of the Flatpak and can be controlled (added or removed) by users on their system.” That along with AppArmor “(“Application Armor”) is a Linux kernel security module that allows the system administrator to restrict programs’ capabilities with per-program profiles.” This already starts to give you a good idea of where some of the security is within the OS.
3 Likes
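The permission model described in the post above can be checked in practice. This is an added example, not part of the original post and not Purism's or Flatpak's own code: it parses a Flatpak `metadata` keyfile and flags grants that widen the sandbox. The app ID, the sample metadata and the `BROAD` list are constructed assumptions.

```python
import configparser

# Constructed sample of a Flatpak app "metadata" keyfile (not from a real app).
SAMPLE_METADATA = """\
[Application]
name=org.example.Chat
runtime=org.gnome.Platform/aarch64/44

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
org.freedesktop.Flatpak=talk
"""

# Grants treated as broad for this audit (an assumption, tune to your policy).
BROAD = {
    "filesystems": {"host", "home"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
}

def audit(metadata_text):
    """Return (app_id, sorted findings) for one metadata keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of D-Bus names
    cp.read_string(metadata_text)
    app = cp.get("Application", "name", fallback="unknown")
    findings = []
    ctx = cp["Context"] if cp.has_section("Context") else {}
    for key, risky in BROAD.items():
        for item in filter(None, ctx.get(key, "").split(";")):
            base = item.split(":")[0]  # strip a :ro/:rw/:create suffix
            if base in risky:
                findings.append(f"{key}={item}")
    if cp.has_section("Session Bus Policy"):
        for name, access in cp.items("Session Bus Policy"):
            # Access to this service allows starting commands on the host.
            if name == "org.freedesktop.Flatpak" and access in ("talk", "own"):
                findings.append(f"session-bus {name}={access}")
    return app, sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_METADATA))
```

For an installed app the same text comes from `flatpak info --show-metadata <app-id>`, and a flagged grant can be removed per user with, for example, `flatpak override --user --nofilesystem=home <app-id>`.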