I am thinking about using distrobox. Since I am on Debian I won't need it to install software I could otherwise not install. But I have some apps that require weird install scripts and I am thinking about using it as a security measure. Do you think that is a good idea? Does that idea make sense?
I wouldn’t use it for security; use VMs if you need isolation.
I used Distrobox for various dev projects on Fedora Atomic and it worked great for that. I did a separate homedir mainly just to avoid dumping a bunch of crap into my real home but definitely have the expectation that anything you install has full access to the system.
I run FreeCAD via Distrobox as well since the flatpak performance was pretty bad and it’s wayyyy faster which is nice and preferable to rpm-ostree in my instance.
It works well when you want to install software that is not compatible with your distro, but it is not a great security measure since it integrates with your host system instead of acting as a sandbox.
Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.
I recommend doing so, but not as a security measure, more so as a “keeping everything organised” measure.
I like to keep my host OS clean and install everything containerised.
Yeah. The idea of random stuff nesting into my PC where I will never find it again is also a big pain. That said, using distrobox would make it much cleaner I guess.