{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib2fhy7opskcmd4zcdwuoogwwqmpzol5r6xrkyahkahfhx46co2b4",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmfno7u4hoy2"
  },
  "path": "/t/segmentation-of-apps-through-vms-containers-on-debian/38065#post_1",
  "publishedAt": "2026-05-21T23:55:29.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Hi PG,\n\nI’m slowly moving untrusted apps to containers or VMs to limit their interaction with my documents on my personal system. I have a couple VMs in mind (one for each app). Having a new VM for each untrusted app becomes a hassle (and already is one). I know QubesOS solves this, but I would like to see how much of this can be done on a Debian-based system.\n\nTo provide more context:\n\n  * I use KVM/Qemu for virtualization so it would be through that\n  * I also use flatpaks, so this use case is for apps that are in AppImage form (not trying to use firejail for this - due to high SUID) and for apps that are binaries\n  * I would say my case is similar to “App Qube” from QubesOS\n  * I could use containers, as I have a hunch it will be less file size than a full-on debian VM. However, I will need to enable vnc or RDP on the container to access it.\n  * These apps are crucial for personal tasks, so I won’t be able to just stop using them.\n\n\n\nHas anyone dealt with this niche use case before? If so, how did you end up segmenting your system?",
  "title": "Segmentation of apps through VMs/Containers on Debian"
}