I feel like immutable distros are in a quite good state nowadays, and while solutions like bootc and sysexts are not “mainstream” yet, it’s getting there
when it comes to getting non-Flatpak packages, things get interesting, there are a lot of options, really
AppImages, statically linked binaries, tarballs, OCI containers, distrobox/toolbx, Homebrew, VMs, Nix even experimental formats like RunImages, AppBundles and FlatImages
if you need some non-system-level package, you’ll have a way to use it, yet it still seems sort of chaotic: “which one should I choose? how will I be able to easily manage them?”
GPM, dbin, Soar, AM… and the list goes on
and it’s okay, the so-called cloud native approach is still evolving, so this fragmentation is expected. It’s nice to share opinions about this while we’re living through this interesting phase. Any thoughts?


my thoughts
Can always just layer it with rpm-ostree install (.rpm file)
Never used homebrew, that doesn’t sound good.
I am trying to use nix and firejail only, but it is pretty rough and barely documented which is kinda insane as firejail is THE tool. Unlike crabjail, bubblejail and what else is out there
I was investigating sandboxing with Nix. Here is a dump of my saved notes:
General Nix Based
https://github.com/nixpak/nixpak
https://github.com/Naxdy/nix-bwrapper
https://todo.sr.ht/~alexdavid/jail.nix
LLM Specific Nix based
Projects to sandbox AI agents:
https://github.com/archie-judd/agent-sandbox.nix
https://github.com/myme/jaillm/blob/main/flake.nix
https://github.com/gfauredev/nix-agents-jail
https://github.com/azuwis/fence-agent.nix
https://github.com/kohane27/jailed-ai-agents/blob/main/llm.sh
Someone told me that if you take these things and then replace the entrypoint with bash, you get a sandboxed shell environment
Thanks, very useful list!