SymbolicLink

In a way, but chroot only isolates file systems (process only has access to an isolated "root" which isn't the actual host's root). Rootless Podman/Docker goes a few steps beyond and utilizes cgroups, and user namespaces to isolate not only file systems, but also processes and networking.

Here is a high level overview.

And another one from Dan Walsh.

From a user perspective, Distrobox is a tool that lets you "spin up any distro inside your terminal".

You can basically create a mini Linux environment of any distro that you can access through the terminal. You can set it to share your home folder, our create a new home folder just for that mini environment.

Behind the scenes Distrobox is creating and managing containers through Podman or Docker. You could technically achieve the same thing by manually setting up Podman containers, Distrobox just makes it very easy to create and maintain those containers with the correct permissions. It also has useful tools where you could install an app in a Distrobox container, but then add that app to your host OS app list.

This makes it especially useful for immutable OSs. Instead of adding packages to your base OS, which should be kept as minimal as possible, you can just install them in a Distrobox, so your host's root filesystem is unaffected.

Silverblue + ZFS would be a match made in heaven, unfortunately Fedora makes it really hard to do ZFS reliably, too many kernel updates that break ZFS. This would be an even bigger nightmare on Silverblue given the distribution model.

If only ZFS was part of the Linux kernel 😑. maybe one day

Disagree, no matter the level of detail, having "yes" automatically selected is an assumption. What purpose would it have other than hoping people will just select the defaults and ignore it?

Having it as a default guarantees it doesn’t scare non-power users away from it. It’s not about just having people clicking next and accepting it without consent.

Scare away from what? Data collection? I mean even in that wording you are saying there is something to be scared of. It should be up the user. If you are saying "non-power users won't fully understand what is being collected and might get scared away if it isn't the default option" then that is even worse TBH. Preying on people not fully understanding what's going on.

Having the default box being "on" is only for the purpose of hoping people click through without realizing.

There is literally no other argument here. "Consent" is: "Hey do you want this, yes or no?". Not "We are assuming yes unless you explicitly tell us otherwise".

Reading through the post it looks like the project leads (Fedora council members) are arguing in favour of "opt-out" and the larger community is arguing in favour or either opt-in or a middle ground where the user has to select an option with no default.

Honestly it seems like the Fedora team is arguing that there are only two options: opt-out, or nothing at all. This isn't true and people are commenting with more reasonable alternatives.

I know its not in development yet, but if the Fedora council members are saying "opt-out or nothing", not a good look TBH given this initial community response.

I daily drive Fedora Silverblue on my laptop and distrobox has been great.

I have layered only two packages: USB Guard and Distrobox. I run syncthing in a rootless podman container, and the rest goes through Distrobox.

I was even able to setup ProtonVPN in distrobox and it functions as if it was directly installed on the host (just need to map your home folder and some permissions).

I hope that immutable becomes either the standard or at least all major distros start offering it as an alternative. Makes everything foolproof and makes me much more willing to try new packages and tools because I can always just roll back.

The only thing that would really make it perfect is if files in /etc/ where also handled in a similar manner. IE: Can make changes to configuration files, and easily roll back to defaults at any time.

I also recommend Fedora if OP wants a similar “just works” experience as Ubuntu.

Been using it for a while now on my desktops/laptops with no issues.

I run everything in rootless containers using systemd service files generated with podman generate systemd.

Podman Compose is a "community effort", and Red Hat seems to be less focused on its development (here is their post about it).

There are ways to get it working but I find it easier to go with podman containers and pods through systemd because the majority of documentation (both official and unofficial) leans in that direction.

I don't know how much you already know, so here is just a summary of things that worked for me for anyone reading.

Podman uses the concept of "Pods" to link together associated containers and manage name spaces, networking, etc. The high level summary for running podman pods through systemd:

• Create an empty pod podman pod create --name=<mypod>.
• Start containers using podman run --pod=<mypod> ... and reconfigure until containers are working within the same pod as desired.
• Use podman generate systemd to create a set of systemd unit files. Be sure to read through the options in that man page. -- this is more reliable than creating systemd unit files by hand because it creates unit files optimized for the podman workflow.
• place the generated systemd unit files in the right place (user vs. system) and then it can be started, enabled, and disabled as with other systemd unit files.

Note: for standalone containers that are not linked or reliant on other containers, you ~~can~~ should skip creating the empty pod and can skip the --pod=<mypod> when starting containers. This should result in a single service file generated and that container will operate independently.

This post goes over pods as systemd services.

This doc goes over containers as systemd services.

The Red Hat Enterprise Linux docs have a good amount of info, as well as their "sysadmin" series of posts.

Here are some harder to find things I've had to hunt down that might help with troubleshooting:

• Important: be sure to enable loginctl enable-linger <username> or else rootless pods/containers will stop when you log out of that session.
• If you want it to run a container or pod at system startup you will need to specify the right parameters in the [Install] section of the systemd file, see this doc page. Podman generate systemd should take care of this.
• If you are using SELinux there is a package called container-selinux that has some useful booleans that can help with specific policies (container-use-devices is a good one if your container needs access to a GPU or similar). Link to repo