Set PYTHONUSERBASE to `/var/data/python/` to prevent host python packages from leaking into sandbox
https://github.com/flatpak/flatpak-docs/issues/431#issuecomment-1875302718
This used to be set in freedesktop-sdk directly through a python patch https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/204d891bafab75920db5c8abe23fae9af329e203/files/python3_usercustomize.py but that changed from 23.08 onwards
https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/issues/1671
So any runtime and SDK built on top of 23.08 or above is affected:
flatpak run --command=python org.kde.Platform//6.6 -c "import site; print (site.USER_SITE)"
/home/bbhtt/.local/lib/python3.11/site-packages
flatpak run --command=python org.kde.Platform//5.15-22.08 -c "import site; print (site.USER_SITE)"
/var/data/python/lib/python3.10/site-packages
flatpak run --env=PYTHONUSERBASE=/var/data/python --command=python org.kde.Platform//6.6 -c "import site; print (site.USER_SITE)"
/var/data/python/lib/python3.11/site-packages
Edited by bbhtt