this post was submitted on 04 Feb 2025
31 points (97.0% liked)

I am thinking about using distrobox. Since I am on Debian I won't need it to install software I could otherwise not install. But I have some apps that require weird install scripts and I am thinking about using it as a security measure. Do you think that is a good idea? Does that idea make sense?

top 9 comments
[–] qaz@lemmy.world 17 points 22 hours ago* (last edited 22 hours ago)

It works well when you want to install software that is not compatible with your distro, but it is not a great security measure since it integrates with your host system instead of acting as a sandbox.

> Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.

[–] Guenther_Amanita@slrpnk.net 21 points 1 day ago (1 children)

I recommend doing so, but not as a security measure, more so as a "keeping everything organised" measure.

I like to keep my host OS clean and install everything containerised.

[–] Zenlix@lemm.ee 3 points 23 hours ago

Yeah. The idea of random stuff nesting into my PC where I will never find it again is also a big pain. That said, using distrobox would make it much cleaner I guess.

[–] thingsiplay@beehaw.org 18 points 23 hours ago

If they require weird install scripts you don't want to install on your system, then do not install it with Distrobox either. For those cases where you don't trust the weird install script, I recommend using a virtual machine, if you really, really need the program.

[–] jimmy90@lemmy.world 3 points 21 hours ago

Distrobox is OK, but the mapping of the home directory only sets ~ to another directory; it doesn't map the new home directory to a new volume in the container to replace your home directory, which I thought was odd.

[–] j4k3@lemmy.world 1 points 1 day ago

By default it will break out many things. I use db as an extra layer of containers in addition to a python venv with most AI stuff. I also use it to get the Arch AUR on Fedora too.

Best advice I can give is to mess with your user name, groups, and SELinux context if you really want to know what is happening where and how. Also have a look at how Fedora Silverblue does bashrc for the toolbox command and start with something similar. Come up with a solid scheme for saving and searching your terminal command history too.

[–] utopiah@lemmy.ml 0 points 23 hours ago (1 children)

Sure, or containers, e.g. Docker/Podman, especially if there is a Web API available.

That being said, whatever you do, in fine it's about trust. What you are installing can cause damage so IMHO it's more about keeping things manageable while having your actually important data (not programs, downloaded content, etc but rather things you did yourself, e.g. written documents, sketches, configuration files, prototypes, photos, etc) safe even when the system itself is broken regardless of how and why.

[–] qaz@lemmy.world 5 points 22 hours ago* (last edited 21 hours ago) (1 children)

This is just incorrect

> ...or containers, e.g. Docker/Podman

Distrobox is a script that manages Docker/Podman containers.

> What you are installing can cause damage so IMHO it's more about keeping things manageable while having your actually important data...

Programs are installed in the container, not on the host system. When you break the container the host system is fine unless using rootful (or Docker) containers.

> ...while having your actually important data (not programs, downloaded content, etc but rather things you did yourself, e.g. written documents, sketches, configuration files, prototypes, photos, etc) safe...

Using Distrobox does NOT keep your own files safe, it actually mounts your home directory and external USB drives inside the containers by default, fully exposing your documents to whatever you install inside.

From the documentation:

> Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.
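
An added example (not part of the thread and not Distrobox's own code): a POSIX shell check over a container's bind-mount list that makes the exposure described in the documentation quote visible. The sample mount lists and the user `alice` are constructed, and the `/media`, `/run/media` and `/mnt` prefixes treated as removable media are assumptions about the host's layout.

```sh
#!/bin/sh
# Added example: list the sensitive host paths a container reaches via bind mounts.
# Input on stdin, one mount per line: source<TAB>destination<TAB>rw(true|false).
# For a real container this list can be produced with:
#   podman inspect --format \
#     '{{range .Mounts}}{{.Source}}{{"\t"}}{{.Destination}}{{"\t"}}{{.RW}}{{"\n"}}{{end}}' NAME
TAB="$(printf '\t')"

# classify_mount SOURCE [HOME_DIR]: print a category, or nothing if not sensitive.
classify_mount() {
    cm_src="${1%/}"; cm_home="${2:-$HOME}"; cm_home="${cm_home%/}"
    if [ -z "$cm_src" ]; then cm_src="/"; fi
    case "$cm_src" in
        /)              echo "host-root" ;;
        "$cm_home")     echo "home" ;;
        "$cm_home"/*)   echo "home-subdir" ;;
        # Assumed removable-media prefixes; adjust to the host's layout.
        /media|/media/*|/run/media|/run/media/*|/mnt|/mnt/*)
                        echo "removable-media" ;;
        *)  # An ancestor of the home directory (e.g. /home) exposes it as well.
            case "$cm_home/" in "$cm_src"/*) echo "home-ancestor" ;; esac ;;
    esac
}

# audit_mounts HOME_DIR: print "category<TAB>ro|rw<TAB>source -> destination".
audit_mounts() {
    am_home="$1"
    while IFS="$TAB" read -r am_src am_dst am_rw || [ -n "$am_src" ]; do
        if [ -z "$am_src" ]; then continue; fi          # skip blank lines
        am_cat="$(classify_mount "$am_src" "$am_home")"
        if [ -z "$am_cat" ]; then continue; fi          # not a sensitive path
        if [ "$am_rw" = "true" ]; then am_acc="rw"; else am_acc="ro"; fi
        printf '%s\t%s\t%s -> %s\n' "$am_cat" "$am_acc" "$am_src" "$am_dst"
    done
}

# Constructed sample: mount list of a container integrated with the host.
sample_integrated() {
    printf '/\t/run/host\ttrue\n/home/alice\t/home/alice\ttrue\n'
    printf '/run/media\t/run/media\ttrue\n/tmp\t/tmp\ttrue\n'
}
# Constructed sample: plain container with one dedicated directory outside $HOME.
sample_isolated() {
    printf '/srv/sandbox/app-data\t/data\ttrue\n'
}

echo "integrated:"; sample_integrated | audit_mounts /home/alice
echo "isolated:";   sample_isolated   | audit_mounts /home/alice
```

On the integrated sample the check reports the host root, the home directory and removable media as writable from inside the container; the isolated sample produces no findings.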

[–] utopiah@lemmy.ml 2 points 14 hours ago* (last edited 14 hours ago)

Yeah I don't think you're addressing what I wrote, you're mixing up my suggestion (to clarify the important part is "or") with DistroBox then more general comments. Might be that I wrote it unclearly but anyway it wasn't what I was saying.