Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.
It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.
Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.
It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.