Worth using distrobox?

thingsiplay@beehaw.org

If they require weird install scripts you don't want to install on your system, then do not install it with Distrobox either. For those cases you don't trust the weird install script, I recommend to use a Virtual Machine; if you really really need the program.

utopiah@lemmy.ml

Sure, or containers, e.g. Docker/Podman, especially if there is a Web API available.

That being said, whatever you do, in fine it's about trust. What you are installing can cause damage so IMHO it's more about keeping things manageable while having your actually important data (not programs, downloaded content, etc but rather things you did yourself, e.g. written documents, sketches, configuration files, prototypes, photos, etc) safe even when the system itself is broken regardless of how and why.

qaz@lemmy.world

...or containers, e.g. Docker/Podman

Distrobox is a script that manages Docker/Podman containers

What you are installing can cause damage so IMHO it's more about keeping things manageable while having your actually important data...

Programs are installed the container, not on the host system. When you break the container the host system is fine.

...while having your actually important data (not programs, downloaded content, etc but rather things you did yourself, e.g. written documents, sketches, configuration files, prototypes, photos, etc) safe...

Using Distrobox does NOT keep your own files safe, it by actually mounts your home directory inside the containers by default fully exposing you r documents to whatever you install inside.

qaz@lemmy.world

It works well when you want to install software that is not compatible with your distro, but it is not a great security measure since it integrates with your host system instead of acting as a sandbox.

jimmy90@lemmy.world

distrobox is ok but the mapping of the home directory only sets ~ to another directory, it doesn't map the new home directory to a new volume in the container to replace your home directory which i thought was odd

utopiah@lemmy.ml

Yeah I don't think you're addressing what I wrote, your mixing up my suggestion with DistroBox then more general comments.

radau@lemmy.dbzer0.com

I wouldn't use it for security, use VMs if you need isolation.

I used Distrobox for various dev projects on Fedora Atomic and it worked great for that. I did a separate homedir mainly just to avoid dumping a bunch of crap into my real home but definitely have the expectation that anything you install has full access to the system.

I run FreeCAD via Distrobox as well since the flatpak performance was pretty bad and it's wayyyy faster which is nice and preferable to rpm-ostree in my instance.

lefantome@programming.dev

I am a massive Distrobox fan. I do not use it for security though.

• create environments for specific purposes: dev, testing, cybersecurity work, video, AI, etc
• access to the full app library of any distro
• isolation of multiple large apps for easy and complete removal when you are done with them
• use Glibc apps on your MUSL distro
• install apps easily on an immutable distro
• total compatibility ( eg. Legally install a real RHEL9 Distrobox for free )
• ”try out” an unfamiliar distro without a VM
• experiment and break things without messing up your main system
• separate your distro base from your userland ( eg. Minimal Debian Stable install with pretty much all apps coming from an Arch Linux Distrobox ). Rock solid stability of the base system paired with a massive ecosystem of up-to-date packages.

lefantome@programming.dev

This is the way

lefantome@programming.dev

If you are worried that the script will be malicious, Distrobox does not help.

However, if your main concern is that it is going to make a mess, Distrobox is the perfect solution.