Then all your rudeness and vulgar/condescending misquoting is for nothing-- when I said:

All I meant was that the user should be able to "override the sandboxing settings specified in the application manifest"

I certainly didn't mean that it's a problem if you have to become root first. I mean there's a history there, you have to be root to change the permissions (or contents) of files in /usr/bin, eh?

Everything you said really seemed to imply that

1. no such thing was possible

2. even if it were possible, it would be terrible security

It's possible as root? No problem, then! You were misunderstood, the claims two people took issue with-- you didn't make, apparently. Hooray.

Nah, you are the one that started trolling and stating bullshit about Red Hat and fabois. If you just asked directly, I would have just answered without trolling you back.

What you wrote is only loosely related, and I guess also what I said was not clear enough. I was thingking you were opposing the principles behind the "all untrusted" security model.

You said
The future doesn't actually require sandboxing to be something the user can't turn off.
and
mechanisms to disable the sandbox should be on the user configuration side

Yes the sandboxing can be turned off but it's not something that a user will be able to do easily, you need to know enough about Flatpak (and Linux) to know what you need to do. It's not like an ON/OFF switch that any primate can operate. The "easy switches" are the Portal system, described above, which is limited in scope and mimicks Android permissions.

This still means most users won't be able to disable the sandbox, and reserves this ability to developers and tinkerers, forcing application developers to support some form of sandboxing with their application if they want to ship a flatpak.

Do I understand it right that the "sandbox" permits full read-write access to the user home directory?

Flatpaks are stored in /var/lib/flatpak and their files can be modified by root (although a Flatpak update would remove any mods). This is how Spotify mods still works on the Flatpak. You can also install apps to the users folder which puts them in ~/.local/share/flatpak (the location makes no sense).

In contrast, Snap doesn't let you modify applications.

Layer on top of layer on top of layer on top of layer.

MORE ABSTRACTION FOR THE ABSTRACTION GOD!!!

Ahem. On a more serious note, it's basically a container, which is less mindbogglingly stupid than doing a full VM (which is what I have to do way too many times at work) so there is that.

But yeah, the current OS design is starting to show its age, Flatpak and containers are a bandaid. A true solution is a through redesign of the OS/applications concept.

It depends. You can give a sandboxed app that access, however, you don't have to.

Imagine a sandboxed Acrobat Reader. You could give it read/write access to $HOME, but revoke network access.

For Spotify it's the other way around.