On Mon, Aug 12, 2019 at 11:07 AM Benjamin Kircher benjamin.kircher@gmail.com wrote:
(… I definitely need to play around with Silverblue to learn what they are doing.)
I'm pretty sure Silverblue will be rebased on Fedora CoreOS which recently released a preview. I'm not sure what the time frame for that is, but maybe that work will be concurrent with work on a release version of Fedora CoreOS. The central means of installing/uninstalling and running applications on a future immutable system is flatpak. But you don't need to commit a system to Silverblue to use and test flatpak applications on Fedora 29/30 Workstation. Containerization is an option not a requirement of flatpaks, as is running it as a systemd --user instance.
Since layering is permitted with rpm-ostree based systems, using overlayfs, there still needs to be some way for the per-user service manager to enforce limits on unprivileged programs. The use of the word "limit" might be misleading. Perhaps instead it should be on defining and preserving the user interface responsiveness, whether that's CLI or GUI, so that control isn't lost. i.e. the unprivileged program gets the leftover resources, it's not a peer with the user interface. Promoting the active user interfaces relative to the unprivileged task would provide a way of effectively containing the unprivileged tasks, by one always being able to preempt the other.