Distrobox Guide — Run Any Linux Distribution in Qubes Without Pain

Why ? - @todox explained that it was a deliberate choice to use a standalone qube !

My question was simply to learn about pros & cons for the different approaches … - and -

… I never spent the time myself to inform the community about my trials :frowning:

Thanks. I was checking if I am missing or I could incorporate something into my threat model. Now that I see I have no need for that, it is clear why I was asking the question.
No extra security for me in using distrobox.

That's true. If you want to add an extra security level, then check this project: Gerharddc/Litterbox: Somewhat Isolated Development Environments (GitHub)

Interesting ! - Do you have a working ‘litterbox’ container on your Qubes OS system ?

I tried to use it when I used nix before. Unfortunately there are so many limitations; some kernel options are just restricted there. For example, you cannot make an ICMP (ping) request inside the container. If you want to make it work with any app, that isn't possible. But of course you can make a security wrapper for some apps using it. For my threat model, the Xen VMs' security level is enough, so I don't use litterbox daily.

Thanks for your feedback. - I spent some time yesterday, getting ‘litterbox’ working in Test-VMs using Debian 13 & Fedora 43 as their base template - and - failed to build a ‘litterbox’ container / sandbox.

They have prebuilt binaries (Release v0.6.0 · Gerharddc/Litterbox · GitHub); you could try to use them.

I did use this pre-built binary in both Test-VMs.

I succeeded to ‘define’ a first ‘litterbox’ container - but - failed to ‘build’ it in both VMs.

The error msg for example for the FL43-based VM ( selecting ‘openSUSE-Tumbleweed’ as the base image to be used ) was:

...

Resolving package dependencies...

Problem: 1: the to be installed fish-4.7.1-1.1.x86_64 requires 'awk', but this requirement cannot be provided
not installable providers: gawk-5.4.0-1.1.x86_64[repo-oss]

 Solution 1: deinstallation of busybox-gawk-1.37.0-41.4.noarch
 Solution 2: do not install fish-4.7.1-1.1.x86_64
 Solution 3: break fish-4.7.1-1.1.x86_64 by ignoring some of its dependencies

Choose from above solutions by number or cancel [1/2/3/c/d/?] (c): c
Error: building at STEP "RUN zypper in -y fish": while running runtime: exit status 4
Error: Podman command failed
[user@Test-VM02 ~]$ 

So far I have not succeeded in resolving this error.

I spent a bit more time on this issue - and - I was able to verify that not all of the dependencies / requirements for ‘Litterbox’ are stated clearly enough.

I did open a discussion on the ‘Litterbox’ repository.

It was answered by Gerhard quickly - and - it’s clear now that my ~simplistic~ approach was not good enough …

I’ll open a separate topic for using ‘litterbox’ in Qubes OS.

PS: Using ‘distrobox’ simplified my studies / work quite a bit. - Thanks a lot !