by dyingkneepad 1096 days ago
It really depends on why you want to have separate environments. What's the thing you're trying to avoid here?

Anything that requires graphics is much more efficiently done on the bare-metal machine. You can have a separate user for those or some other kind of abstraction that's not a virtual machine.

You can also use network namespaces directly, using "ip netns" or even cgroups. That way you can run every single program natively, but have multiple network environments for them.

You can go for jails-style containers where you also run everything natively but in a different chroot, without having a kernel running on top of a kernel. For this I recommend creating a chroot with debootstrap or febootstrap and then launching it with systemd-nspawn.

You can also have specific applications running on their own "jail" with /usr/bin/firejail.

Now if you want even stricter separation you'll have to go with full virtualization (a guest kernel running on top of the host kernel). This is much worse in terms of efficiency of used resources, but gives you the most separation from one thing to another. For that you can use virt-manager or just VirtualBox.
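An added example of the "ip netns" approach mentioned in the comment above (this script is not part of the comment): it creates an isolated network namespace, wires it to the host with a veth pair, and runs a native program inside it. The namespace name, the addresses and the NETNS_APPLY dry-run switch are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the comment: run a program natively but inside its
# own network namespace. By default the commands are only printed; set
# NETNS_APPLY=1 and run as root to actually apply them.

NETNS_NAME="${NETNS_NAME:-sandbox}"          # assumed namespace name
HOST_IF="veth-${NETNS_NAME}-h"               # host side of the veth pair
NS_IF="veth-${NETNS_NAME}-n"                 # namespace side of the pair
HOST_ADDR="10.200.1.1/24"                    # assumed addresses
NS_ADDR="10.200.1.2/24"

# run: execute the command when NETNS_APPLY=1, otherwise print it.
run() {
    if [ "${NETNS_APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# netns_create: create the namespace and give it one veth leg to the host.
# No default route is added on purpose: processes inside the namespace can
# only reach the host end of the pair, not the rest of the network.
netns_create() {
    run ip netns add "$NETNS_NAME"
    run ip link add "$HOST_IF" type veth peer name "$NS_IF"
    run ip link set "$NS_IF" netns "$NETNS_NAME"
    run ip addr add "$HOST_ADDR" dev "$HOST_IF"
    run ip link set "$HOST_IF" up
    run ip netns exec "$NETNS_NAME" ip addr add "$NS_ADDR" dev "$NS_IF"
    run ip netns exec "$NETNS_NAME" ip link set "$NS_IF" up
    run ip netns exec "$NETNS_NAME" ip link set lo up
}

# netns_exec: run any program natively, but with the namespace's network view.
netns_exec() {
    run ip netns exec "$NETNS_NAME" "$@"
}

# netns_check: show what the namespace sees (only lo and its veth leg).
netns_check() {
    run ip netns exec "$NETNS_NAME" ip addr show
}

# netns_delete: tear everything down; deleting the namespace removes the pair.
netns_delete() {
    run ip netns del "$NETNS_NAME"
}
```

Without NETNS_APPLY=1 the functions print the exact ip commands, which is a convenient way to review the setup before applying it.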