Is there anything obviously wrong or bad about the idea to just use whatever distro you like on bare metal? Like rolling release to get the fastest updates or immutable to make it rock solid. And then just use distrobox or toolbx with Debian and maybe Arch to run software your base distro does not provide?

I run Fedora right now but want to switch to something else. I was thinking about Tumbleweed a lot but there is quite a big portion of software which does not ship on Tumbleweed. (Theoretically you could download the .rpm file which quite a few developers provide on and install it on Tumbleweed too? But I am not 100% sure about that so please correct me about that if I’m wrong.) So I thought about Nix but the drama around that distro made me lose interest. Obviously Arch is also an idea but I don’t like my base OS to be a project itself so I’d rather not use it for now.

And yes I thought about installing homebrew or nixpkg or pixi or whatever the name of the next new package manager is. But nearly all of them are only installable by executing a script and I don’t feel comfortable doing that. Would it be safer to run scripts like that in a distrobox/toolbx?

So yeah, my initial question was whether it is viable to just choose any distro and get along with distrobox to get your software from the AUR or through .deb packages. But the question developed if it would be wise to use distrobox to execute random internet scripts without altering your base OS/putting your data to risk.

  • theorangeninja@sopuli.xyz (OP)
    2 days ago

    Because you mentioned it, what exactly is selinux? I saw it a few times on fedora but never really understood what it’s useful for.

    • illusionist@lemmy.zip
      1 day ago

      It’s for permission management. Usually the user does not see it really.

      Basically, if a hacker gains access to something, selinux secures your system by limiting the scope the attacker can gain.

      Ubuntu uses apparmor.

      I’m not deep in both topics to judge which one is actually better. I am just used to selinux and it’s good. I remember that people claimed apparmor to be easy and selinux to be difficult to handle but I can’t confirm that. For my podman containers I simply add “:Z” to the paths which the container shall have access to and I know that it can’t gain access to any other location because of this Z and selinux. If I have to debug selinux, I run sudo setenforce 0 and if it then works, I can look deeper into it.
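
As an added example (not part of the thread or of any project's code), the following sketch shows what the ":Z" relabel and the "look deeper" step from the comment above correspond to in the audit log: it classifies AVC denials raised for container processes. The log lines are constructed, and the type names container_t and container_file_t are assumed to be the ones the container-selinux policy uses.

```python
import re

# Constructed sample audit.log lines (not from a real system).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="nginx" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:container_t:s0:c12,c345 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.202:411): avc:  denied  { write } for  pid=2102 comm="python3" name="data.db" dev="dm-0" ino=1312 scontext=system_u:system_r:container_t:s0:c12,c345 tcontext=system_u:object_r:container_file_t:s0:c7,c900 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.202:411): arch=c000003e syscall=257 success=no exit=-13
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')

def split_context(ctx):
    """Split user:role:type:level into (type, MCS categories)."""
    _user, _role, setype, level = ctx.split(":", 3)
    return setype, level.partition(":")[2]  # "s0:c12,c345" -> "c12,c345"

def explain(line):
    """Return a dict describing one AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    stype, scats = split_context(m["scon"])
    ttype, tcats = split_context(m["tcon"])
    if stype != "container_t":
        reason = "source is not a container process"
    elif ttype != "container_file_t":
        # A volume mounted with :Z would have been relabeled to container_file_t.
        reason = "path is not labeled for containers (mounted without :Z?)"
    elif tcats and tcats != scats:
        # :Z gives the path the MCS categories of one specific container.
        reason = "path is privately labeled for a different container"
    else:
        reason = "denied by another policy rule"
    return {"comm": m["comm"], "perms": m["perms"].split(),
            "target_type": ttype, "reason": reason}

def report(log):
    """Explain every AVC denial found in a block of audit log text."""
    return [r for r in map(explain, log.splitlines()) if r]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

On a real system the same records can be pulled from the audit log with ausearch -m avc while SELinux stays in enforcing mode.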