Good explanation of the Flatpak sandbox escape.
For those allergic to LLM writing: Some sentences read very LLM-like, e.g.:
> The fix wasn’t “change one function” — it was “audit the entire call chain from portal request to bubblewrap execution and replace every path string with an fd.”