←back to thread

Apptainer: Application Containers for Linux

(apptainer.org)
112 points cl3misch | 1 comments | 26 Jun 25 09:45 UTC | HN request time: 0.206s | source
Show context
evertheylen ◴[26 Jun 25 13:50 UTC] No.44387418[source]
If any developers are looking to isolate different dev projects from each other using containers, I wrote a tool for it (using podman), maybe someone finds it useful or can thrash its security.

Find the code on https://github.com/evertheylen/probox or read my blog post on https://evertheylen.eu/p/probox-intro/

replies(1): >>44387642 #
maweki ◴[26 Jun 25 14:13 UTC] No.44387642[source]
Why didn't toolbox fit your needs? I found toolbox to be a very reasonable way to install development dependencies on a per project basis while not managing multiple hidden filesystems.
replies(1): >>44387895 #
evertheylen ◴[26 Jun 25 14:39 UTC] No.44387895[source]
toolbx is not actually intended to provide any security or isolation, see e.g. https://github.com/containers/toolbox/issues/183
replies(1): >>44390988 #
lotharcable ◴[26 Jun 25 20:28 UTC] No.44390988[source]
It would be more accurate to say that toolbx is based on Podman, but is intended to provide tight configuration with your user's outside environment.

If you want to use toolbx for more isolation you'll have to end up turn off a bunch of features and configuring it in weird ways that ultimately defeats the purpose of having toolbx in the first place....

It is a lot easier to just to cut out the middle man and use podman directly.

replies(1): >>44394988 #
1. evertheylen ◴[27 Jun 25 08:37 UTC] No.44394988[source]
Fully agree, that's why my python script is ultimately just a simple wrapper for podman but it makes my life a lot easier anyway.