• InnerScientist@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    4 months ago

    Define “sandboxed”

    Application can only access a limited part of the system? = use flatpak or build a container/VM image using the nix pkgs.

    Application can be uninstalled completely and has separate libraries? I prefer nix.

  • Noxious@fedia.io
    link
    fedilink
    arrow-up
    5
    ·
    4 months ago

    I’d say Nix requires some experience, so if you are new to Linux, definitely go with Flatpak. I believe Flatpak also provides stronger sandboxing.

  • aarroyoc@lemuria.es
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    4 months ago

    Flatpaks are easier to use in most distros. If you’re using NixOS, then Nix of course. But if you want to do a lot of CLI stuff, then Nix may be better too.

  • thedeadwalking4242@lemmy.world
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    4 months ago

    Nix apps are not sandboxed and you have no control of what resources they have access to or don’t, unless you wrap them with some other program

    • Joenocide Biden@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      They can be isolated because Nix has in-built support for three different levels of sandboxing - virtual machines, containers as well as ephemeral shells.