Sounds nice! It seems like the only "sandbox security engine" at the moment is the Flatpak one, right? Could someone explain to me what kind of sandboxing it brings?

For instance, can it be used to sandbox the clipboard, such that a sandboxed process cannot read the content of the clipboard without the user authorizing it?

And what else does it sandbox? Without this, can arbitrary processes "look at the window" of any other arbitrary process (and e.g. read the text rendered there)?