friendica.eskimo.com
FOSS lightweight ”virtual machine” (it’s not quite a VM but it’s similar conceptually. It’s much lighter on your system than a VM).
Easy to install, setting it up for your use case may take some coding if it isn’t common (bash scripting experience will help).
Docker and podman aren't too bad nowadays I don't think assuming you're not running something huge
(Podman is another tool that does the same thing as docker)
Docker and podman containers are basically like throwaway mini-vms that contain one application to ensure it will always run no matter where so long as the machine you're running them on can run docker
They can run CLI stuff just fine, I'm not sure about desktop apps someone smarter than me will probably tell you about that
The umbrella project behind Incus, LXC, LXCFS, Distrobuilder and more.linuxcontainers.org
Docker, Distrobox, Toybox, systemd-nspawn, chroot.
Technically those all rely on the same kernel namespace features, just different ways to use it.
That's also what Flatpaks and Snaps do. If you only care about package bloat, an AppImage would do too but it's not a sandbox like Flatpak.
IIRC that's the whole point of flatpak, snap and appimage
Docker can probably do it too, distrobox puts a useful wrapper on that
Nix does that kind of, nix packages aren't isolated in that they can't access resources on your system but all dependencies are stored in the nix store, hashed and isolated from eachother, and wiped when you collect garbage
One way or another, if you want to run an application you are gonna need its dependencies (the key is the name)... they may be bundled into an appimage or come as part of flatpak ruintime, or be confined inside a container, or live in the nix store, but they will "bloat" your system anyway.
Learn how to cleanup your system (ie. uninstall all packages that are not needed by others that have been requested explicitly) and live a happy life. Only bother with other solutions if the software (or version) you need isn't available for your distro.
Go with one of the ready to use systems. Flatpak, Snap, AppImage. Snap is largely Ubuntu Ecosystem, Flatpak is independent. AppImage is an option if you do not need/want a Sandbox.
Stay away from Docker and LXC for this use case (graphical applications), they are much more work to get going.
Yes, Docker apps are more appropriate for servers and most apps are "made" to run 24/7 to serv the home or workplace.
They are very much worth the "work to setup" as they can be transfered/replicated to any system.
Flatpak and the alike are for running apps on a desktop/laptop.
You can just use podman+distrobox
Simple and rootless
There is always firejail which is very "even your mom can use it" in terms of usage.
e.g install it, type cd / && sudo firecfg, then your password and thats it.
Linux namespaces and seccomp-bpf sandbox. Contribute to netblue30/firejail development by creating an account on GitHub.GitHub
You can use appimages, more importantly if you make a directory next to the appimage with the name of the appimage + .home the appimage will also set that as its $HOME that way you can also keep the configuration files of the app separated from the host OS.
You can also sandbox appimages with aisap.
Tool to make sandboxing AppImages easy. Contribute to mgord9518/aisap development by creating an account on GitHub.GitHub
