Recently I saw a few people bringing up Bedrock Linux as the ultimate Linux OS, but reading the specs, it is very dubious for me that it makes any practical sense.
But before I pass any judgement, I’d like to hear what the community thinks about that “metadistribution”, and what utility that kind of system has, what would be the circumstance, when it is an obviously better choice than let’s say Arch with custom PKGBUILDs for software that’s not in the repos.
Recently I’ve been playing with Toolbx and Distrobox which I believe are indicative of the way forward in this space.
So Distrobox looks interesting, but it seems to be running distros as virtual machines or docker images, whereas Bedrock Linux ran two or more Distros on physical hardware.
Toolbx looks like it would be a great addition to Steam Deck. It only needs a Flatpak install option and you're done. Maybe Valve could include it on their default install.
Bedrock Linux was probably more focused on running another distro's package manager or commands on the host system.
Like having a stable Debian install and being able to use Pacman to install stuff from Arch repositories, or even from the AUR. You could have a minimal Debian host / base, and have an Arch install on top of that. If you do anything that stuffs up Arch then it will still boot to Debian and you will still be able to use Pacman to remove anything you need.
It might be more a proof of concept thing rather than being practical on a work computer, and now that Snap and Flatpak are supported across so many distros it could be argued that it seems less useful now than it did when it was being developed.
Regarding Distrobox, there do seem to be some security concerns there.
There is this,
BE CAREFUL: if you use docker, the daemon runs as root by default, so root inside the docker container can modify system stuff outside the container, if you have security concern for this, use podman that runs in rootless mode. Rootless docker is still not working as intended and will be included in the future when it will be complete.
That said, it is in the works to implement some sort of decoupling with the host, as discussed here: #28 Sandboxed mode
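To see which case from the quoted warning applies on a given machine, the following added example (not from the thread or from the Distrobox project) classifies Docker and Podman as rootless or rootful from their own `info` output. The function names are made up for illustration, and the strings in the comments are the formats the two tools print.

```shell
#!/bin/sh
# Added example: report whether the local container managers run rootless.
# Function names are illustrative, not part of Distrobox, Docker or Podman.

# Docker lists "name=rootless" among its security options in rootless mode.
classify_docker() {  # $1 = output of: docker info --format '{{.SecurityOptions}}'
    case "$1" in
        '')              echo unreachable ;;
        *name=rootless*) echo rootless ;;
        *)               echo rootful ;;
    esac
}

# Podman reports true/false directly.
classify_podman() {  # $1 = output of: podman info --format '{{.Host.Security.Rootless}}'
    case "$1" in
        true)  echo rootless ;;
        false) echo rootful ;;
        *)     echo unknown ;;
    esac
}

# Membership in the "docker" group lets a user drive a root-owned daemon.
in_docker_group() {  # $1 = space-separated group names, e.g. from: id -Gn
    case " $1 " in
        *" docker "*) return 0 ;;
        *)            return 1 ;;
    esac
}

audit() {
    if command -v podman >/dev/null 2>&1; then
        val=$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null) || val=
        echo "podman: $(classify_podman "$val")"
    fi
    if command -v docker >/dev/null 2>&1; then
        opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || opts=
        mode=$(classify_docker "$opts")
        echo "docker: $mode"
        if [ "$mode" = rootful ] && in_docker_group "$(id -Gn)"; then
            echo "docker: current user is in the docker group (root-equivalent on the host)"
        fi
    fi
    return 0
}

audit
```

Run it as the same user that launches Distrobox, since the result depends on which daemon or user session that account talks to.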