It means that if someone breaks out of your container, they can only do things that user can do.

Can that user access your private documents (are these documents in a container that also runs under that user)?

Can that user sudo?

Can that user access SSH keys and jump to other computers?

Generally speaking, the answer to all of these should be “no”, meaning that each group of containers (or risk levels etc) get their own account.

gedit in native Linux or WSL2. use it for Ansibke, python, C, bash, basically anything I need to edit. Has a git plugin, bottom terminal pane, left open files / current folder pane. Does all I need it to do, and it’s not a huge fuckoff electron app.

The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application’s ability to function, and that of Termux as well.

That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.

Android is a mobile phone OS, not desktop / embedded Linux.

One thing that people miss - either out of ignorance, or because it goes against the narrative - is that systemd is modular.

One part handles init and services (and related things like mounts and sockets, because it makes sense to do that), one handles user sessions (logind), one handles logging (journald), one handles networking (networkd) etc etc.

You don’t have to use networkd, or their efi bootloader, or their kernel install tool, or the other hostname/name resolution/userdb/tmpfiles etc etc tools.

I’m going to agree with Burstar here - if you’re setting out to prove that something is possible, you’re going to give it the best chance you can. Once you know its possible (whether its something like using an arduino to simulate an old price of hardware, or if a compound can cause cancer), you go and refine it down.