Container images?

Posted Jul 23, 2025 13:47 UTC (Wed) by rjones (subscriber, #159862)
In reply to: Container images? by aragilar
Parent article: Catanzaro: Fedora must (carefully) embrace Flathub

For web-based desktop it might just be better to run the desktop inside of a VM. There are nice ways to integrate 'thin' virtual machines into things like kubernetes or other orchestration solutions. Running a multiple desktops used by different users/groups in containers side by side seems like a bit of a nightmare security-wise.

Silverblue is still rpm-based. It uses the same rpms as Fedora Workstation does for the most part. The difference is how they are managed to provide the "Atomic" features. And in the future when bootc becomes adopted then the OS itself is distributed as a OCI container image.

One of the things I like about the "containerized desktop" approach is that it creates a clean separation between "OS" and "Application". (Note that your OS doesn't have to be Atomic or Immutable to take advantage of containerized applications.)

Like in Networking we have the TCP/IP stack, which divides the network protocols up into layers (link, internet, transport, application). That way different layers can be swapped out without impacting too much the layers above or below it. The same application data can ride over ethernet, cable internet, etc. With the traditional Linux distro you have only two layers... "Kernel" and "Userland". Were Userland is just a tangled mush of interdependent dependencies with no real distinction between what makes a system level service vs a desktop application.

If you end up with separate "OS" and "Applications" layers then that, theoretically, should free up the OS part considerably. They should be able to make more radical changes and accelerate development at that level without expending a great deal of resources on maintain applications and their compatibility. Similar to how the Linux kernel is able to iterate separate from Linux distributions. Especially when it comes to the Desktop Environment part of the OS.

Like how many dozens of groups maintain their own version of "Firefox Browser". There has to be a different set of volunteers for each major distribution that modifies how it is built and packages to conform to their specific vision of how OS should be laid out and packaging policies. That is a lot of work put into doing things in slightly different ways only to end up with the ideal situation that there is no discernible difference at all in how the application behaves on any of these distributions. But in the end we only really need to have it packaged once.

It is a nice experience when upgrading, say Fedora 41 to 42, that all my desktop applications remained the same before as after. It is a lot less worry about some of the more cantankerous proprietary ones that I need for work, like "Zoom desktop". Dealing with small differences in OSes after upgrades is not something I look forward to on my workstation when faced with deadlines, so it is nice when the applications I use don't all change along with it.

So hopefully it should allow Fedora to be the even-more-faster-paced rpm-based distro.

Container images?

Posted Jul 24, 2025 11:51 UTC (Thu) by aragilar (subscriber, #122569) [Link] (1 responses)

Jupyterhub with k8s is the defacto standard for providing access to these kind of services, and it remains relatively easy to spin up various images with specific applications (desktop or otherwise) where they are provided by by debs/rpms. That's not true when snaps are involved. I've also seen snaps unable to handle home directories not in `/home` (which isn't unusual in more traditional unix environments). I've not dug into flatpak or appimage (so maybe they're more reliable) in those kind of environments (as typically it's easier to get apps other ways), but I wouldn't surprised if they bring along their own issues. Partly it's the underlying technologies involved, but I think partly it's a disconnect as to what different groups of users want or need from the packaging technologies.

Container images?

Posted Jul 24, 2025 21:01 UTC (Thu) by raven667 (subscriber, #5198) [Link]

While they may have some overlap in technical issues in what the Linux kernel and common desktop environments are capable of doing to support containerized desktop applications, I wouldn't presume that the bugs which snap apps face are going to be the same bugs that flatpak apps run into, as snaps are just another non-canonical technology which is only developed by Canonical that is never going to grow an ecosystem beyond whatever in-house development they can afford because their corporate culture and CLA practices inhibit collaboration with the rest of the (small, but always growing) desktop Linux ecosystem. Flatpak has had much more engineering effort put into by a wider array of better engineers than Canonical can hire, so I expect the arc to be the same as Upstart/systemd, Unity/GNOME, Wayland/Mir, etc. where eventually Canonical will get tired of paying to be different and adopt the Flatpak multi-vendor standard for containerized app packaging, maybe with their own branded frontend so they can operate a paid storefront.