Definitely not perfect, but I wish people would lean on good old-fashioned Unix more for these things instead of implementing it worse on top of it.
I skimmed the article and it looks like one thing they do is have a daemon in the background to intercept data in and out, when they could just make user groups and normal file permissions.
I know it's almost a meme at this point, but plan9 had a great system for this.
You were able to define a filesystem layered on top of your own, exposing and linking files/folders however you please to any process.
So say you have a web server. You can make a layer that only has /www and /configs, linked to some folder in /var/foo/webstuff and /etc/fooserver/configs, or something.
No reason why you couldn't standardize an interface for systems like flatpak to safely use your filesystem.