Flatpak is a sandboxed application framework and standardized packaging format for Linux desktop applications. It functions as a distribution system that allows a single application bundle to run consistently across multiple Linux operating systems without requiring per-distribution builds.
الميزات الرئيسية لـ flatpak/flatpak هي: Package Distribution, Linux Sandboxes, Cross-Distribution Formats, Manifest-Based Build Systems, Shared Library Bundling, Dependency Management Utilities, Runtime Dependency Bundlers, Application Packaging Formats.
تشمل البدائل مفتوحة المصدر لـ flatpak/flatpak: netblue30/firejail — Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host… containers/bubblewrap — Bubblewrap is a Linux sandbox runner that creates lightweight, isolated execution environments for running untrusted… projectatomic/bubblewrap — Bubblewrap is an unprivileged sandbox execution utility for Linux that isolates processes from the host system. It… nodesource/distributions — This project is a Node.js binary distribution repository and Linux package repository. It provides a hosted set of… youki-dev/youki — Youki is a low-level container runtime written in Rust that creates and manages isolated containers according to Open… pypa/sampleproject — This project is a reference implementation and tutorial designed to demonstrate the end-to-end workflow of building,…
Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface. The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard loggi
Bubblewrap is a Linux sandbox runner that creates lightweight, isolated execution environments for running untrusted applications. It combines Linux user, mount, network, PID, and UTS namespaces with seccomp-BPF system call filtering to restrict filesystem, network, process, and inter-process communication access. The project provides comprehensive process isolation by giving each sandbox its own private tmpfs root with selective bind-mounts, a separate network stack containing only a loopback interface, an independent process ID space, and remapped user and group identifiers. It applies secc
Bubblewrap is an unprivileged sandbox execution utility for Linux that isolates processes from the host system. It creates secure environments by leveraging Linux namespaces to separate system resources, including network, PID, and IPC stacks. The project distinguishes itself by enabling the execution of untrusted software without requiring root privileges on the host machine. It prevents privilege escalation by disabling the execution of setuid binaries and uses user identity mapping to isolate process permissions from the host operating system. The tool manages a comprehensive security sur
This project is a Node.js binary distribution repository and Linux package repository. It provides a hosted set of pre-compiled JavaScript runtime binaries for various Linux distributions to simplify installation and version management through native package managers. The project includes a Node.js observability toolset and security policy manager. These components enable the gathering of runtime telemetry to monitor application health and performance via diagnostic dashboards, while providing a resource restriction layer that intercepts system calls to prevent unauthorized modules from acces