Flatpak 0.6.12 Linux Application Sandboxing Makes Kernel Keyring Non-Containable

New features in Flatpak 0.6.12 include support for the “–device=kvm” option to be able to access /dev/kvm, support for the “–allow=multiarch” parameter allow running of 32-bit (i686) code in a 64-bit (x86_64) application, better error messages, robustness fixes for the build-commit-from command, and partial revert in application ID rules. Also new in Flatpak 0.6.12, is the ability for the “flatpak update –appstream” command to update all remotes, a bran-new default-branch setting that allows for remote configuration, as well as support for using any PID in the sandbox (root privileges are required). Lastly, the kernel keyring was made inaccessible and non-containable by default.