https://wiki.debian.org/DontBreakDebian ... nkenDebian
However, those who have elected to run systemd as their init system can take advantage of its inbuilt namespace isolation scheme, systemd-nspawn, to run a Debian sid system in a lightweight, simple container within the stable system.
To set this up, first create the necessary directories for machinectl(1):
```
# mkdir -p /var/lib/container/sid
```
`btrfs subvolume create` could be used instead for the sid system root directory.
Then install a basic sid system there:
```
# debootstrap sid /var/lib/container/sid http://httpredir.debian.org/debian
```
https://packages.debian.org/jessie/debootstrap
Now start a root shell in the container:
```
# systemd-nspawn --directory=/var/lib/container/sid
```
From there, add a new user:
```
# adduser $user
```
Replace $user with the desired username; make sure that this (along with the UID and GID) matches the username on the "host" Debian stable system.
Now install sudo and add the user to that group:
```
apt install sudo
gpasswd -a $user sudo
```
The shell can then be closed by holding down <Ctrl> and pressing the "]" key three times in quick succession (or by running `poweroff`).
Once this is done, log in to the system as the normal user with:
```
# systemd-nspawn --boot --directory=/var/lib/container/sid
```
From there, the desired package(s) can be installed safely without disturbing the stable host.

To run a program from the container, simply set $DISPLAY explicitly; for example, to run `foobar`:
```
DISPLAY=:0 foobar
```
The container can be started automatically at boot with:
```
# systemctl enable systemd-nspawn@sid.service
```
Once the container is running, $application can be started with this general format:
```
# systemd-nspawn --directory=/var/lib/container/sid --setenv=DISPLAY=:0 --user=$user $application
```
Here is a usage example for running Mandelbulber2:
https://forums.bunsenlabs.org/viewtopic ... 230#p34230
Further parameters may be needed depending on the application; consult systemd-nspawn(1).
For users who elect not to run systemd as their init system, see this guide by @fsmithred:
viewtopic.php?p=622055#p622055
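
A check for the step above that asks for the container user's UID and GID to match the host's, as an added example that is not part of the original post. The function names and the sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a user has the same UID and GID on the host
# and inside the container root. Function names are illustrative.

# passwd_ids FILE USER: print "uid:gid" for USER, exit 1 if USER is absent.
passwd_ids() {
    awk -F: -v u="$2" '
        $1 == u { print $3 ":" $4; found = 1; exit }
        END     { exit !found }
    ' "$1"
}

# check_user_match HOST_PASSWD CONTAINER_PASSWD USER
# Returns 0 on match, 1 on mismatch, 2 if USER is missing from either file.
check_user_match() {
    host_ids=$(passwd_ids "$1" "$3") || { echo "$3: not found in $1" >&2; return 2; }
    cont_ids=$(passwd_ids "$2" "$3") || { echo "$3: not found in $2" >&2; return 2; }
    if [ "$host_ids" = "$cont_ids" ]; then
        echo "$3: uid:gid $host_ids matches"
        return 0
    fi
    echo "$3: host has $host_ids, container has $cont_ids" >&2
    return 1
}

# Constructed sample passwd files (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' > "$demo/host_passwd"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1001:1001::/home/alice:/bin/bash' > "$demo/sid_passwd"

check_user_match "$demo/host_passwd" "$demo/sid_passwd" root
check_user_match "$demo/host_passwd" "$demo/sid_passwd" alice ||
    echo "alice differs: recreate the user in the container with the host's IDs"
rm -rf "$demo"

# On a real system, as set up above:
#   check_user_match /etc/passwd /var/lib/container/sid/etc/passwd "$user"
```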