Right now distrobox's containers are created in privileged mode and share a lot of sensitive host folders.
This is done because the aim is tight integration with the host, not sandboxing.
It would be nice to have an optional (see: disabled if not specified) `--unprivileged` or `--sandbox` flag in `distrobox-create` to have a more isolated container to work with.