[Solved] This maybe a strange question but can I run a Linux app in a separate container/sandbox? Without its dependencies bloating my host OS?

Docker, Distrobox, Toybox, systemd-nspawn, chroot.

Technically those all rely on the same kernel namespace features, just different ways to use it.

That's also what Flatpaks and Snaps do. If you only care about package bloat, an AppImage would do too but it's not a sandbox like Flatpak.

56

Don't use docker with distrobox. Use podman instead as it is rootless and faster

9
- Docker for servers and Rodman for home pcs
  
  1

IIRC that's the whole point of flatpak, snap and appimage

Docker can probably do it too, distrobox puts a useful wrapper on that

Nix does that kind of, nix packages aren't isolated in that they can't access resources on your system but all dependencies are stored in the nix store, hashed and isolated from eachother, and wiped when you collect garbage

34

Appimage doesn’t do deduplication of packages does it?

1
- No, I apparently missed that but
  
  Nix is the best solution anyway imo
  
  1

Snap turns your system into a slug at boot time, makes it take forever to shut down as it unmounts fifty memory file systems, scatters files all over the place turning a neat organized system into a pile of shit. I primary run Ubuntu, but I excise snap from it as one of the first orders of business.

20

At that point, why still bother with Ubuntu?

13
- @naeap As long as it remains the easiest distro for me to get from initial setup to mangled the way I want it to work I'll stick with Ubuntu. It still tends to be more up to date than most other releases save Fedora but I do not care for the Redhat approach at all, they are rather like Windows in trying to force you to do it there way, "thou shall use LDAP and not NIS" for example. I don't like distros that think I should change my whole organization to suit their needs. Yea at some point I probably will switch to LDAP but will do it on my own terms in my own time not dictated by a distribution vendor. It is rather trivial for me to excise snap from Ubuntu, a lot more work to hack NIS into a system that doesn't natively support it.
  
  4
Luckily I use Arch (btw) so every Linux apps under the sun already available on the AUR, so I have 0 reason to use Snap/Flatpak

7
Isn't firefox strickly snapped in latest ubuntus?

4
- @0x0 No, Mozilla maintains their own repository. You can delete snap firefox and snap everything else, add the mozilla repository, and install firefox from there. You'll get a more current version as a side benefit. Instructions found here: askubuntu.com/questions/150203…
  
  9

Yes

That's called containerization

16

Go with one of the ready to use systems. Flatpak, Snap, AppImage. Snap is largely Ubuntu Ecosystem, Flatpak is independent. AppImage is an option if you do not need/want a Sandbox.

Stay away from Docker and LXC for this use case (graphical applications), they are much more work to get going.

13

Yes, Docker apps are more appropriate for servers and most apps are "made" to run 24/7 to serv the home or workplace.

They are very much worth the "work to setup" as they can be transfered/replicated to any system.

Flatpak and the alike are for running apps on a desktop/laptop.

3
- Agreed. My answer was in the assumption that it's about desktop apps as the OP mentioned Electron.
  
  2
You can just use podman+distrobox

Simple and rootless

2

Distrobox

10

One way or another, if you want to run an application you are gonna need its dependencies (the key is the name)... they may be bundled into an appimage or come as part of flatpak ruintime, or be confined inside a container, or live in the nix store, but they will "bloat" your system anyway.

Learn how to cleanup your system (ie. uninstall all packages that are not needed by others that have been requested explicitly) and live a happy life. Only bother with other solutions if the software (or version) you need isn't available for your distro.

8

You can use appimages, more importantly if you make a directory next to the appimage with the name of the appimage + .home the appimage will also set that as its $HOME that way you can also keep the configuration files of the app separated from the host OS.

You can also sandbox appimages with aisap.

7

Both strange and not, tbh. On one hand, I understand the sentiment; on the other hand, installing more software with its own dependencies to isolate electron's dependencies, and potentially installing twice those libs both electron and something else on your system depend on seems counterproductive (leaving the security benefits of containerization/sandboxing out of the question here, tho).

3

Why not Docker?

3

Because podman :)

9
- Points for the correct answer. I work on systems for spacecraft and podman is what we use on those for containerization (better option for a couple reasons)... but we literally just SAY docker to the suits, because that's what they've heard of. Which is why I said docker to this guy.
  
  6
I heard of docker but I'm not really sure what it is, is it free? is it hard to set everything up? Can my computer handle it?

2
- Docker and podman aren't too bad nowadays I don't think assuming you're not running something huge
  
  (Podman is another tool that does the same thing as docker)
  
  Docker and podman containers are basically like throwaway mini-vms that contain one application to ensure it will always run no matter where so long as the machine you're running them on can run docker
  
  They can run CLI stuff just fine, I'm not sure about desktop apps someone smarter than me will probably tell you about that
  
  6
- FOSS lightweight ”virtual machine” (it’s not quite a VM but it’s similar conceptually. It’s much lighter on your system than a VM).
  
  Easy to install, setting it up for your use case may take some coding if it isn’t common (bash scripting experience will help).
  
  2
- Docker and Podman are both free. Podman is the lighter weight, more FOSS, also slightly more DIY option, they are intercompatible - I work on systems for spacecraft and Podman is what we use on those because it's lighter weight. If you want to run something in docker, ChatGPT is actually pretty good at talking you through the specific setup (at least that's been my experience).
  
  1

It depends on your usecase. We need more detail regarding what application (gui/cui/open source/proprietary/custom) you are trying to use

Check if the application you want to use exists as snap/flatpak/appimage.
If it exists, install the application as per their standard operating mechansim
Once used, just remove them. Your original system libs are untouched

If the application doesn't exist in those platforms, it's a different story. You might need to use distrobox or docker. Don't use nix because it's overkill for what you want to do.

2

There is always firejail which is very "even your mom can use it" in terms of usage.

e.g install it, type cd / && sudo firecfg, then your password and thats it.

2

Distrobox is probably what you’re looking for.

2

Holy smoke this is it, I can't believe I'm using Linux for 1 years and still haven't heard of this software, I'll give it a shot thanks you very much

2

Look into Incus (formerly LXC) containers or the various i'm gonna replace traditional packaging formats like AppImage, FlatPak and what not.

1

I'm thinking of using VM but I'm hoping to find a better solution

1

Short: Yes, of course. Long: Well, this is really a long answer, depending on your needs...

1
- I'm only needed to run any apps that has bloat/redundant dependencies so I can remove it anytime I want without screwing up my entire OS ;D
  
  1

Yea, I have a Manjaro box also, which is based up on Arch with some ugliness added to it, and yes, I have installed and run Arch before so I am familiar, only problem I've run into is every time I go to do an update one or more apps won't compile and I end up having to remove 35 programs and re-installing to fix. There are a lot of things to like about it though, particularly having packages that are just tar files makes them very easy to extract / modify / create. But not a great system if you just need to get things done.

-1

Since Linux tends to be inherently more efficient AND secure than WhenDoze it makes more sense to me to run Linux as the primary OS and put WhenDoze as in the VM. This has the additional benefit of making it easy to restore WhenDoze when it inevitably
shits itself.

-10

what do you mean you claim "more secure" here? secure in comparison to what, exactly?

1
- @zwekihoyy If you look at any botnet on the net, it's going to be 99.999% windows machines, always. If you look at machines compromised by Ransomeware, that happens to Linux but rare, common on Windows. Windows is like a 20 year old asphalt road, patches upon patches.
  
  1