Linux

I am a massive Distrobox fan. I do not use it for security though.

• create environments for specific purposes: dev, testing, cybersecurity work, video, AI, etc
• access to the full app library of any distro
• isolation of multiple large apps for easy and complete removal when you are done with them
• use Glibc apps on your MUSL distro
• install apps easily on an immutable distro
• total compatibility ( eg. Legally install a real RHEL9 Distrobox for free )
• ”try out” an unfamiliar distro without a VM
• experiment and break things without messing up your main system
• separate your distro base from your userland ( eg. Minimal Debian Stable install with pretty much all apps coming from an Arch Linux Distrobox ). Rock solid stability of the base system paired with a massive ecosystem of up-to-date packages.

I wouldn't use it for security, use VMs if you need isolation.

I used Distrobox for various dev projects on Fedora Atomic and it worked great for that. I did a separate homedir mainly just to avoid dumping a bunch of crap into my real home but definitely have the expectation that anything you install has full access to the system.

I run FreeCAD via Distrobox as well since the flatpak performance was pretty bad and it's wayyyy faster which is nice and preferable to rpm-ostree in my instance.

It works well when you want to install software that is not compatible with your distro, but it is not a great security measure since it integrates with your host system instead of acting as a sandbox.

Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.

I recommend you doing so, but not as a security measure, more of so as a "keeping everything organised"-measure.

I like to keep my host OS clean and install everything containerised

distrobox is ok but the mapping of the home directory only sets ~ to another directory, it doesn't map the new home directory to a new volume in the container to replace your home directory which i thought was odd

By default it will break out many things. I use db as an extra layer of containers in addition to a python venv with most AI stuff. I also use it to get the Arch AUR on Fedora too.

Best advice I can give is to mess with your user name, groups, and SELinux context if you really want to know what is happening where and how. Also have a look at how Fedora Silverblue does bashrc for the toolbox command and start with something similar. Come up with a solid scheme for saving and searching your terminal commands history too.

Sure, or containers, e.g. Docker/Podman, especially if there is a Web API available.

That being said, whatever you do, in fine it's about trust. What you are installing can cause damage so IMHO it's more about keeping things manageable while having your actually important data (not programs, downloaded content, etc but rather things you did yourself, e.g. written documents, sketches, configuration files, prototypes, photos, etc) safe even when the system itself is broken regardless of how and why.