If you do, what is your setup to run and maintain the containers? Have you experienced any problems that have been show-stoppers?
They seem like an attractive option in some cases, but I’m curious to hear how people use them for general computing.
I use flatpak. Problems for me include the lack of package signing like the standard repos have.
Containers like Docker/Podman? I only use that for selfhosted services on my servers. I can’t speak to Docker/Podman applications used on desktop.
If you want to include more universal package methods such ad Snap, Flatpak, and AppImage, I use Flatpak installations for things I want to sandbox that don’t have a focus on Linux Development. These are applications like Discord and Spotify. I’ll also install applications through Flatpak that aren’t available through my package manager, after checking that the Flatpak is maintained by the developer. An example of that which I use is Czkawka which finds and offers solutions for duplicate and similar files.
The way I used Flatpak, I haven’t run into any show stopping issues although I do know using Flatpak for CLI applications can be difficult and annoying. I believe Flatpak CLI apps need to be run by using the full Flatpak package name instead of just the executable name.I set up a docker image for work that contains our prefered IDE and all our toolchains pre-configured. It’s possible flatpack or appimage would have been prefereable but I found setting it up via docker to be really intutitve.
How do you use GUI apps with Docker? Do you have an X server (or equivalent) running on the Docker container that you connect to remotely?
On a local machine using X or XWayland you can pass in the DISPLAY environment variable and X socket. Any program that expects a local X server will just connect to that over a unix socket like normal. It took a little trial and error but there are some guides online.
I use Flatpak sometimes. Unfortunately, I’ve had issues with Flatpak packages being less maintained than apt packages and having weird bugs related to sandboxing. I try to avoid unofficial Flatpak packages of applications that have official Linux support compatible with my computer.
LXC for:
- Software builds
- Command line experiments on distros other than my main one
- Running apps with no risk of messes left behind when I uninstall them
- Some (limited) privacy isolation when running apps that I don’t trust
(It doesn’t provide as much isolation as a hypervisor-based virtual machine, but it’s good enough for some purposes, and much better than Flatpak.)
Flatpak for:
- A handful of apps that aren’t available in my distro’s package repo
- Steam, because its runtime containers don’t play well with LXC
(I never run apps from Flathub, because I find they usually come with loose permission settings that sacrifice the user’s security and privacy in favor of the packager’s convenience. Instead, I build my own flatpaks. Some people get a similar effect by micromanaging overrides with
flatpak override
or Flatseal.)Snap looked interesting when I looked at it a few years ago, especially since parts of its sandboxing design looked more effective than Flatpak’s. However, it was pushed out to Ubuntu users in a state that I don’t consider fit for release, and the maintainers have been painfully slow to address its issues, and its repository system is not open, so I doubt that it will ever meet my needs.
Docker on some servers, though I intend to switch to Podman. (And you asked about desktop software, so this is a little off-topic.)
I have never heard of LXC, thanks for the tip! Is LXC similiar to Docker where you need to configure the entire environment? When you use LXC for desktop software, do you always build from source?
LXC puts an entire Linux distro in a container, so I can use shells, install packages, and configure/manage things like I would a virtual machine. It’s useful when I want more flexibility than the single-app model offered by docker and flatpak. I haven’t tried using it for a desktop environment (like Plasma or GNOME), but I have used it for GUI apps.
No, I don’t always build apps from source for use in an LXC container. I usually let the guest’s package manager (like apt) install them.
Are you aware of Qubes OS? It’s made specifically for desktop software in containers.
No I havent, but it looks incredible! Thanks for another tip.