Yes, I do the same: layer small packages, use Flatpaks, and use complex stuff like (R + RStudio + COPR + Modules) or (QGIS + GRASS + Python + plugins) or IDEs in a distrobox.
At least in Distrobox you can also create rootful containers which could run an entire DE, or run libvirtd in there and use virt-manager in a rootless box, connected over SSH. Totally works, but it's a bit complicated. But for software with systemd or USB access this is needed.
Flatpaks share libraries, but they are sometimes not packaged well, contrary to distro packages, which on the other hand may pull in lots of dependencies.
Would be interesting to run all packages in a rootful distrobox and have Fedora RPMs on the other hand.
There are some hardening problems though, that I don't really understand, with user namespaces being blocked in the hardened kernel. On Arch there is bubblewrap-suid, which fixes that in a way I also don't understand yet, but Podman, Distrobox, Toolbox, Docker etc. don't work yet, and may not work too.