Flatpak installs, manages and runs sandboxed desktop application bundles. Application bundles run partially isolated from the wider system, using containerization techniques such as namespaces to prevent direct access to system resources. Resources from outside the sandbox can be accessed via "portal" services, which are responsible for access control; for example, the Documents portal displays an "Open" dialog outside the sandbox, then allows the application to access only the selected file.
Each application uses a specified "runtime", or set of libraries, which is available as /usr inside its sandbox. This can be used to run application bundles with multiple, potentially incompatible sets of dependencies within the same desktop environment.
This package contains the services and executables needed to install and launch sandboxed applications, and the portal services needed to provide limited access to resources outside the sandbox.