[] Browser isolation

Nice to see that in 2021 SailfishOS got some application isolation. Its ancestor Nokia introduced it in 2006 and Android has it since its beginnings in 2009.

It’s based on firejail, which is nice because you can run and debug the same system on any Linux machine.

Looking around a bit how the browser is sandboxed I wondered:

  1. The browser sees the commhistory files (i.e. your messages and calls). Is that required?
  2. The browser sees your contacts. Is that required?
  3. The browser can run gpg. What feature does that provide?

It should be relatively easy to modify the permissions and see what happens. But before breaking my phone I thought maybe someone has some insights already.