mcint 2 days ago
aiui "distrobox" is built to support these setups and experimentation, even more readily, including defaults to support:

> The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.

> Why
> * Provide a mutable environment on an immutable OS, like ChromeOS, Fedora Silverblue, OpenSUSE Aeon/Kalpa, or SteamOS3 ...
> * Provide a locally privileged environment for sudoless setups (eg. company-provided laptops, security reasons, etc…)
> * To mix and match a stable base system (eg. Debian Stable, Ubuntu LTS, RedHat) with a bleeding-edge environment for development or gaming (eg. Arch, OpenSUSE Tumbleweed, or Fedora with the latest Mesa)
> * Leverage a high abundance of curated distro images for docker/podman to manage multiple environments.

> Aims
> This project aims to bring any distro userland to any other distro supporting podman, docker, or lilipod. It has been written in POSIX shell to be as portable as possible and it does not have problems with dependencies and glibc version’s compatibility.

> It also aims to enter the container as fast as possible, every millisecond adds up if you use the container as your default environment for your terminal:

> Security implications
> Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.

> Create a new distrobox with Systemd (acts similar to an LXC):
I learned about it from the KDE wiki, thank you jriddell for leaving that nugget https://community.kde.org/Neon/Containers
bornfreddy a day ago
Very interesting, thank you for sharing! Unfortunately it looks like sandbox mode [0] is not a goal, so it doesn't solve the main problem I have - running semi-trusted apps (e.g. Android Studio) and minimising their impact. Currently I just share X11 socket and run it in Docker.