While nix improves on multiple things (declarative config, running multiple versions of software is possible, reproducibility, “immutable” filesystem, etc.), I haven’t read nor heard about a permission system or sandbox for running applications.
Tools like flatpak and snap are making good progress on that front and making it possible to have more of a smartphone model for apps, which IMO is a great improvement to security.
Has this been discussed or brought up for nix? I imagine something like this could be possible
I think the best thing to do here is encourage adoption of Apparmor from package maintainers. For existing options I think firejail is your best bet. And of course you can always use flatpak. Honorable mentions go to systemd-run and nixos containers, which aren’t secure by default but can be made so. Given the amount of options, I’m not sure it’s worth adding even more. But something like what you’ve shown above would be up to the package maintainers anyways AFAICT.
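The reply above says systemd-run is not secure by default but can be made so. As an added illustration (not code from this thread or from any of the projects mentioned), the shell snippet below wraps an application in a transient user service with a baseline set of systemd.exec(5) sandboxing directives; the application name `example-app` and the particular set of directives are assumptions, not something the thread prescribes.

```shell
#!/usr/bin/env sh
# Added example: run a program under systemd-run with sandboxing switched on.
# "example-app" is a hypothetical program name; the directive set is an
# assumed baseline, to be tightened or loosened per application.

# Hardening directives for the transient unit. Every key is a documented
# systemd.exec(5) option; emitted one per line so they are easy to audit.
sandbox_props() {
  printf '%s\n' \
    NoNewPrivileges=yes \
    PrivateUsers=yes \
    ProtectSystem=strict \
    ProtectHome=read-only \
    PrivateTmp=yes \
    PrivateDevices=yes \
    ProtectKernelTunables=yes \
    ProtectControlGroups=yes \
    RestrictAddressFamilies=AF_UNIX \
    CapabilityBoundingSet= \
    SystemCallFilter=@system-service \
    SystemCallFilter=~@privileged
}

# Number of directives applied; handy for a quick sanity check before use.
sandbox_prop_count() {
  sandbox_props | wc -l | tr -d ' '
}

# Run "$@" as a transient user service with the directives above.
# --wait keeps the shell attached, --pipe forwards stdin/stdout/stderr,
# --collect removes the unit afterwards even if it failed.
run_sandboxed() {
  # shellcheck disable=SC2046  # intentional word splitting: values contain no spaces
  systemd-run --user --wait --pipe --collect \
    $(sandbox_props | sed 's/^/-p /') -- "$@"
}

# Usage (not executed here):  run_sandboxed example-app --some-flag
```

ProtectHome=read-only blocks writes to the home directory entirely, so an application that needs its own config directory would get a `ReadWritePaths=` entry for just that path rather than a looser ProtectHome setting. After the unit has run once, `systemd-analyze --user security <unit>` reports which directives are still missing.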
Is there any existing discussion you’re aware of for what constitutes proper flatpak integration? I’ve only ever had a few issues using flatpak and NixOS together. Aside from breaking my .desktop files when flatpak updates, all I can think of that’s missing is declarative flatpaks, which couldn’t be pure anyways and probably belong in home manager instead.
That’s what I’d like, including declarative configuration of permissions and such. It doesn’t actually have to be pure, just more declaratively controlled, and I don’t think it needs to be confined to home-manager.
How exactly that is to be achieved is a different question
You’re right on all accounts, not sure where I was going with the purity/home manager thought train.
On a separate note nixpak looks very cool, I’ll have to give it a try when I find the time.