> Sounds like you're leaning more towards the Qubes OS model, even though I'm sure you don't want to go that extreme.
Qubes OS is full virtualization. I don't want to boot a separate kernel for every process I want to start. That is not very useful.
> Either way I'm very happy with Atomic Linux, it's a huge improvement. I'm sure there will be more improvements that will offer separate rootfs for each process. Isn't that already handled by running flatpaks in their own container root?
As the article here says, not all apps can be used as flatpak.
Currently flatpak is mostly for GUI desktop apps, most common cli tools are missing. For instance there is no gcc flatpak.
Also the layers under a flatpak are not separated by individual packages but by broader runtime environments, thus they contain more stuff than each individual application requires. I want a system that could even be deployed on a small embedded device, because it is so generic.
I have containers for everything CLI. Like I'll have one specialized for build tools, one for manipulating qemu images, one for Terraform/ansible and so forth.
I even build cargo packages in a container, install the binary, and then run it outside the container.
> As the article here says, not all apps can be used as flatpak. Currently flatpak is mostly for GUI desktop apps, most common cli tools are missing. For instance there is no gcc flatpak.
Qubes OS is full virtualization. I don't want to boot a separate kernel for every process I want to start. That is not very useful.
> Either way I'm very happy with Atomic Linux, it's a huge improvement. I'm sure there will be more improvements that will offer separate rootfs for each process. Isn't that already handled by running flatpaks in their own container root?
As the article here says, not all apps can be used as flatpak.
Currently flatpak is mostly for GUI desktop apps, most common cli tools are missing. For instance there is no gcc flatpak.
Also the layers under a flatpak are not separated by individual packages but by broader runtime environments, thus they contain more stuff than each individual application requires. I want a system that could even be deployed on a small embedded device, because it is so generic.