Don't Flatpak and OCI container systems like Docker, Podman and similar systems
- encapsulate and distribute programs and their dependencies independently of a Linux system's package management, and
- run processes by reusing the OS's kernel (in comparison to VMs) but still with some degree of isolation from the host system and other processes?
If that's true, what's the difference?
Flatpak's FAQ says:
> Is Flatpak a container technology?
> It can be, but it doesn’t have to be. Since a desktop application would require quite extensive changes in order to be usable when run inside a container you will likely see Flatpak mostly deployed as a convenient library bundling technology early on, with the sandboxing or containerization being phased in over time for most applications. In general though we try to avoid using the term container when speaking about Flatpak as it tends to cause comparisons with Docker and rkt, comparisons which quickly stop making technical sense due to the very different problem spaces these technologies try to address. And thus we prefer using the term sandboxing.
Unfortunately this talks a bit in riddles instead of really elaborating on the subject. Another question in the FAQ is this:
> Can Flatpak be used on servers too?
> Flatpak is designed to run inside a desktop session and relies on certain session services, such as a D-Bus session bus and, optionally, a systemd --user instance. This makes Flatpak not a good match for a server.
> However, the build features of Flatpak run fine outside a session, so you can build things on a server.
I guess Flatpak is simply targeted at packaging, distributing and running desktop applications.
I find this sad, because there is a whole series of container systems, and I naively thought it would be good if we had one system that could handle both desktop programs and background programs (alias servers, services or daemons), and OCI containers are already standardized.
Yes, some desktop programs are just a single process while some services will be executed as a zillion instances in some data centre, but every desktop system has background processes, too. Maybe a background process on a desktop system rarely needs features like quotas, but both environments can benefit from packaging and distributing programs together with their dependencies and running them in isolation. Are there any arguments against e.g. running a desktop application inside Podman? Actually that raises the question of why some of that isolation stuff does not get transferred to ordinary Linux processes.
I vaguely remember that Docker depends on a user session or a desktop system, too, but I don't remember exactly and can't find anything about it now, so maybe I am simply remembering this wrongly. I would probably prefer Podman over Docker anyway because Podman does not need a daemon running all the time.
Update: I found this article which touches on the subject: https://opencontainers.org/posts/blog/2018-11-07-bringing-oci-images-to-the-desktop-with-flatpak/
And the Flatpak docs also have something to say: https://docs.flatpak.org/en/latest/under-the-hood.html
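The question asks why the isolation that Flatpak and Podman apply is not visible on ordinary processes. Both build on the same kernel primitives (namespaces, seccomp, no_new_privs, capability dropping), and the kernel reports those per process under /proc, so the practical check "is this process actually sandboxed, and how?" is the same for a Flatpak app, a Podman container process and a plain process. The script below is an added example written for this post; it is not code from Flatpak, Podman or the linked articles. It compares a process's namespaces with a reference process (by default the caller) and parses the Seccomp, NoNewPrivs and CapEff fields from /proc/<pid>/status. The SAMPLE_STATUS text is constructed for illustration, the file name sandbox_check.py is hypothetical, and sandbox_report assumes the caller is allowed to read the target's /proc entries (same user or root).

```python
import os
import sys

# Namespace types the kernel exposes as symlinks under /proc/<pid>/ns/ (namespaces(7)).
# A type absent on the running kernel (e.g. "time" before Linux 5.6) is simply skipped.
NAMESPACE_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "time", "user", "uts")

# Meaning of the Seccomp field in /proc/<pid>/status, per proc(5).
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def namespace_ids(pid="self"):
    """Map namespace type -> link target (e.g. 'mnt:[4026531840]') for a pid.

    Two processes are in the same namespace exactly when the link targets match.
    Returns {} where /proc is unavailable and skips entries the caller may not
    read (another user's process without CAP_SYS_PTRACE).
    """
    ids = {}
    for ns in NAMESPACE_TYPES:
        try:
            ids[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            continue
    return ids


def namespaces_differing(pid, ref="self"):
    """Namespace types in which `pid` is NOT in the same namespace as `ref`.

    A bwrap (Flatpak) or Podman process typically differs from the host in at
    least mnt, pid and user; an ordinary process differs in none of them.
    """
    a, b = namespace_ids(pid), namespace_ids(ref)
    return {ns: (a[ns], b[ns]) for ns in a if ns in b and a[ns] != b[ns]}


def parse_status(text):
    """Extract the sandbox-relevant fields from the text of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        if key == "NoNewPrivs":          # 1 = execve() cannot regain privileges
            fields["no_new_privs"] = value == "1"
        elif key == "Seccomp":           # 0/1/2, see SECCOMP_MODES
            fields["seccomp"] = SECCOMP_MODES.get(int(value), f"unknown({value})")
        elif key == "CapEff":            # effective capability bitmask, hex
            fields["cap_eff"] = int(value, 16)
    return fields


def sandbox_report(pid, ref="self"):
    """Combine both views for a live pid; assumes the caller may read its /proc entries."""
    with open(f"/proc/{pid}/status", encoding="ascii") as f:
        fields = parse_status(f.read())
    fields["namespaces_differing"] = namespaces_differing(pid, ref)
    return fields


# Constructed sample of the relevant /proc/<pid>/status lines for a process with
# seccomp filtering, no_new_privs set and an empty effective capability set.
SAMPLE_STATUS = """Name:\tsandboxed-app
State:\tS (sleeping)
NoNewPrivs:\t1
Seccomp:\t2
Seccomp_filters:\t1
CapEff:\t0000000000000000
"""

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "self"
    print(sandbox_report(target))
```

Run it as `python3 sandbox_check.py <pid>` against the PID of a running Flatpak application (`flatpak ps` lists them) or of a process inside a Podman container, and again against an ordinary process such as your shell: the sandboxed ones report differing mnt/pid/user namespaces, a seccomp filter and (for a fully dropped set) cap_eff == 0, while the plain process reports an empty namespace diff. The comparison only works when the caller can read both processes' /proc entries, so run it as the same user or as root.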