cross-posted from: https://discuss.online/post/34255100
Thought I’d create a distinct thread from the previous one asking about daily use, because I really do want to hear more on people’s pain points. Great to know people are generally sounding pretty positive in those posts who recently switched, but want to know your difficulties as well! This way old and new users can share their thoughts, hopefully to inspire a respectful discussion.
My biggest challenge is really around Podman on Bazzite. It is just different enough from Docker to be annoying. I had the system lock up, and the Podman containers / pods (whatever you want to call them) would not launch. In fact, the system claimed they didn’t even exist. I was looking for the files and logs all over to try to figure it out. I ended up doing a clean shutdown and restart and then the container started without issue.
The second issue I have is also related to my Jellyfin container/pod. I have gone through all the recommended settings and troubleshooting, adding permissions exceptions, all the podman settings, and I still cannot get it to take advantage of the Nvidia acceleration unless I put SELinux in permissive mode, which the Internet says is a bad thing.
Other than, honestly Bazzite has been great as my daily driver for about 4 months now.
I am also The Internet, and I say unless it is an internet-exposed service, just do it. More security is never bad of course, but process isolation and privilege escalation prevention is pretty low on the list of security measures you should focus on. First thing, unless it’s meant to be a “public” service (one that someone without pre-authorization may access), it shouldn’t be exposed to the internet at all, and that alone brings the threat model from “definitely will be scanned and automatically attacked, decent chance it gets pwnd if you don’t have good passwords and update often” to “someone needs to be both skilled and targeting you”. Spend an afternoon or two setting up a VPN so you can access your services from wherever, and share them with select people.
SELinux is the cause of many headaches, and its main proposition is against untrusted code or in a shared system. If it’s your box, in your network, and you’re not aiming for a Red Hat certification, it’s ok to disable it.