Nix is a tool that takes a unique approach to package management and system configuration. Learn how to make reproducible, declarative and reliable systems.
Does Nix need user namespaces, and does it allow good Sandboxing like Podman or Flatpak?
Nix packages aren't containerized by default. But since every dependency is clearly defined, there are tools that wrap packages using bubblewrap, or tools that build layered Docker images.
But building packages happens in a sandbox.
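As an added illustration of the two approaches mentioned above (wrapping a package with bubblewrap, and building a layered Docker image), not code from anyone in this thread: a single Nix expression that does both for `pkgs.hello`. It assumes a current nixpkgs where `dockerTools.buildLayeredImage`, `writeShellScriptBin` and the `bubblewrap` package exist; the attribute names `helloImage` and `helloSandboxed` and the wrapper name `hello-sandboxed` are chosen here. On the namespaces question: a non-setuid `bwrap` needs unprivileged user namespaces to create its sandbox, so on a kernel that disables them the wrapper refuses to start rather than running the program unsandboxed.

```nix
# Added example, not from the thread. Assumes nixpkgs provides
# dockerTools.buildLayeredImage, writeShellScriptBin and the bubblewrap
# package; the attribute and wrapper names below are arbitrary choices.
{ pkgs ? import <nixpkgs> { } }:

{
  # 1. Layered image: every store path in the closure of `pkgs.hello`
  #    becomes its own layer, so a rebuild only re-emits changed layers.
  helloImage = pkgs.dockerTools.buildLayeredImage {
    name = "hello-image";
    tag = "latest";
    contents = [ pkgs.hello ];
    config.Cmd = [ "${pkgs.hello}/bin/hello" ];
  };

  # 2. Bubblewrap wrapper: the program sees only the Nix store (read-only),
  #    /proc and /dev, with all namespaces unshared. The closure is known
  #    exactly, so nothing outside /nix/store needs to be bound in.
  #    A non-setuid bwrap needs unprivileged user namespaces; if the kernel
  #    forbids them, bwrap exits with an error instead of running unsandboxed.
  helloSandboxed = pkgs.writeShellScriptBin "hello-sandboxed" ''
    exec ${pkgs.bubblewrap}/bin/bwrap \
      --ro-bind /nix/store /nix/store \
      --proc /proc \
      --dev /dev \
      --unshare-all \
      --die-with-parent \
      --new-session \
      ${pkgs.hello}/bin/hello "$@"
  '';
}
```

Build with `nix-build example.nix -A helloImage` and load the result with `docker load < result`, or `nix-build example.nix -A helloSandboxed` and run `./result/bin/hello-sandboxed`. Because the wrapper only binds `/nix/store` read-only, a program that needs a writable home or network access has to be granted those explicitly, which is the point: the allowed surface is listed in the expression rather than inherited from the host.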
Great thanks! So Fedora+Nix (maybe some hacky way to symlink it to `/var/nix` on every boot and it can run on Atomic too)+bubblejail (there is a COPR now for use in secureblue) could be a great setup!

Any info about namespaces? Hardened kernels block these for valid reasons. Flatpaks can use bubblewrap-suid, Podman is supposedly not compatible (not sure about that)
I've used flatpak in the past, and although you basically give up the declarative aspect, they worked fine as far as I remember.
That was not answering the question 😅
Ah, I think I see what you meant now. My bad!
No idea, I use Gentoo