Nix packages arent containerized by default. But since every depenedency is clearly defined. there are tools wrap packkages using bublewrap, or tools build layered docker imahes
But building packages happens in sandbox
Nix packages arent containerized by default. But since every depenedency is clearly defined. there are tools wrap packkages using bublewrap, or tools build layered docker imahes
But building packages happens in sandbox
I think it should be possible to use bwrap to sandbox programs.
Even when using home manager or any other dotfile manager your $HOME folder is still filled with junk. It maybe in your controlled repo but it still ends up as symlink to that repo.
I have :q to exit too since i was trying to exit shell with :q. I guess (n)vim users cant exit their shells :)
Relevant xkcd https://xkcd.com/610/