
You can get halfway there with Flatpak and Distrobox. Or you could take a look at some of the "immutable" distros, such as openSUSE Aeon [1].

[1] https://aeondesktop.github.io/




Those solutions seem more aimed at keeping the system clean vs isolating what resources a program can access.

Flatpak does indeed get me part of the way there with better isolation, but available apps seem so scattershot that I need a fallback mechanism for when there is not an official Flatpak artifact. Distrobox makes a point of indicating they are not a security boundary.



