With Snap we had problems with it blocking `strace`; I had to send them a patch to their seccomp-bpf policies (theirs, not ours) to allow a read-only subset of it, because of a kernel bug where the ability to write registers could bypass the seccomp filter. I don't know offhand if Flatpak is similar.

As far as file paths, Flatpak appears to use [bubblewrap][], which puts the program into its own mount namespace and rearranges the filesystem inside it to limit access. `/proc/<pid>/root` resolves to the actual root directory (ignore what `readlink` says), so you can do things like `cd /proc/<pid>/root` to look around.

[bubblewrap]: https://github.com/containers/bubblewrap

Bug 1653852 Comment 15 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

With Snap we had problems with it blocking `ptrace`; I had to send them a patch to their seccomp-bpf policies (theirs, not ours) to allow a read-only subset of it, because of a kernel bug where the ability to write registers could bypass the seccomp filter. I don't know offhand if Flatpak is similar.

As far as file paths, Flatpak appears to use [bubblewrap][], which puts the program into its own mount namespace and rearranges the filesystem inside it to limit access. `/proc/<pid>/root` resolves to the actual root directory (ignore what `readlink` says), so you can do things like `cd /proc/<pid>/root` to look around.

[bubblewrap]: https://github.com/containers/bubblewrap
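
The `/proc/<pid>/root` inspection described in the comment, as an added shell example that is not part of the bug comment or of any project's code: it checks whether a process sits in a different mount namespace than the caller and maps a sandbox-internal path to where it can be inspected from outside. The function names and the overridable `PROC_DIR` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example. PROC_DIR is a hypothetical override so the functions can be
# exercised against a constructed directory tree instead of the live /proc.
PROC_DIR="${PROC_DIR:-/proc}"

# mnt_ns PID: print the mount-namespace identifier, e.g. "mnt:[4026531840]".
# Reading another process's ns links and root requires ptrace-level access
# to that process (same user or root), as documented in proc(5).
mnt_ns() {
    readlink "$PROC_DIR/$1/ns/mnt"
}

# has_own_mnt_ns PID: exit 0 if PID is in a different mount namespace than
# the caller, 1 if it shares the caller's, 2 if either link is unreadable.
has_own_mnt_ns() {
    target=$(mnt_ns "$1") || return 2
    self=$(mnt_ns self) || return 2
    [ "$target" != "$self" ]
}

# sandbox_path PID ABS_PATH: path, as seen from outside, that shows ABS_PATH
# the way the process sees it. Do not run readlink on .../root itself; it
# reports "/" even though opening it lands in the process's real root.
# Caveat: an absolute symlink found *inside* the tree is resolved against
# the caller's root, not the sandbox's, so follow such links by hand.
sandbox_path() {
    case "$2" in
        /*) printf '%s\n' "$PROC_DIR/$1/root$2" ;;
        *)  echo "sandbox_path: need an absolute path" >&2; return 1 ;;
    esac
}

# Stand-alone use: ./script PID  -> report namespace status and list the root.
if [ "$#" -eq 1 ]; then
    if has_own_mnt_ns "$1"; then
        echo "pid $1 is in its own mount namespace: $(mnt_ns "$1")"
    else
        echo "pid $1 shares this shell's mount namespace (or is unreadable)"
    fi
    ls -la "$(sandbox_path "$1" /)"
fi
```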