
An easy to use sandboxing framework that includes D-Bus proxy filtering, data isolation, access control and more

Reality2byte/portable


Abstract

Portable is a sandbox framework targeted at desktop usage that offers ease of use for distro packagers. It should work on most recent systems, provided the host:

  • enables unprivileged user namespaces

  • uses systemd >= 258

  • follows the FHS (Filesystem Hierarchy Standard)

    • Note that /lib, /lib64, /bin and /sbin should be symlinks to their respective locations under /usr
  • has no mount points under /usr/bin, and uses a file system supported by OverlayFS (NOT BcacheFS)

  • MUST NOT have spaces in various paths until all parsing logic is fully examined
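A preflight script that checks these host requirements, added here as an example and not part of the portable project. It assumes the generic max_user_namespaces sysctl and the Debian/Ubuntu unprivileged_userns_clone knob as the user-namespace indicators, takes the systemd version line and the mount table as arguments so they can be checked offline, and also checks /usr/lib, which the FAQ below lists next to /usr/bin.

```shell
#!/bin/sh
# Preflight for the host requirements above (added example, not portable's own code).
# Parsers take their input as arguments so they can be exercised offline.

# systemd >= 258. Argument: first line of `systemctl --version`, e.g. "systemd 258 (258.1-1)".
systemd_version_ok() {
    ver=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }' | tr -dc '0-9')
    [ -n "$ver" ] && [ "$ver" -ge 258 ]
}

# No mount points under /usr/bin or /usr/lib (the FAQ names both).
# Argument: contents of /proc/self/mountinfo; field 5 is the mount point.
no_usr_mounts() {
    printf '%s\n' "$1" | awk '$5 ~ "^/usr/(bin|lib)(/|$)" { hit = 1 } END { exit hit ? 1 : 0 }'
}

# Merged /usr: /lib /lib64 /bin /sbin must be symlinks. Argument: root to inspect
# ("" for the live system; a constructed tree in tests). A missing /lib64 is tolerated.
fhs_merged_usr() {
    for d in lib lib64 bin sbin; do
        p="$1/$d"
        if [ -e "$p" ] || [ -L "$p" ]; then [ -L "$p" ] || return 1; fi
    done
    return 0
}

# Unprivileged user namespaces. Assumption: the generic max_user_namespaces sysctl plus the
# Debian/Ubuntu unprivileged_userns_clone knob; other distro policies need their own check.
userns_enabled() {
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
    [ "$max" -gt 0 ] || return 1
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ]; then
        [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" = 1 ] || return 1
    fi
    return 0
}

# Live run (`sh preflight.sh --run`): report every failed requirement, exit 1 if any failed.
run_preflight() {
    rc=0
    systemd_version_ok "$(systemctl --version 2>/dev/null | head -n 1)" || { echo "FAIL: systemd >= 258"; rc=1; }
    no_usr_mounts "$(cat /proc/self/mountinfo)" || { echo "FAIL: mounts under /usr/bin or /usr/lib"; rc=1; }
    fhs_merged_usr "" || { echo "FAIL: /lib /lib64 /bin /sbin are not symlinks"; rc=1; }
    userns_enabled || { echo "FAIL: unprivileged user namespaces disabled"; rc=1; }
    case "$HOME$PWD" in *' '*) echo "FAIL: paths contain spaces"; rc=1 ;; esac
    return $rc
}

case ${1:-} in --run) run_preflight ;; esac
```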

Why Portable?

See Docs

Available for

Limitations:

  1. Running untrusted code is never safe; sandboxing does not change this.
  2. On KDE Plasma, window grouping may not work properly unless your desktop file name exactly matches certain arguments.
  3. Because some desktop portal implementations are insecure (they do not require user consent), some features are only available on GNOME:
    • Location Portal
  4. Portable pretends to be Flatpak in order to trick XDG Desktop Portal.
    • The correct way to handle this situation is to specify another sandboxing engine in XDP, for which I have a PoC here
      • I barely understand C at all! Please help if you will.
    • The other possibly "correct way" is to wait for busd#34 and XDP's implementation of it.
      • Is it dead? idk.

Discuss Development at #portable-dev:matrix.org

The Portable Project
Demo


Pools

Pools is a user-friendly sandbox generator. To create and enter a user sandbox, simply execute portable-pools with your sandbox name.

Example: create a sandbox named test:

portable-pools test

╰─>Portable Sandbox·top.kimiblock.test·🧐⤔

Usage:

portable-pools [Options] <Sandbox Name>

Options:
	--quit: Terminates the sandbox

How to package?

See Docs

FAQ / Troubleshooting

  1. Portable fails with something like "no such device"
    • Try rebooting your system
    • Portable 11.2 should address this by loading the kernel module in advance
  2. Portable fails with something like "invalid argument"
    • BcacheFS is not supported, or you have mount points under /usr/bin or /usr/lib
  3. Portable eats a full CPU core!
    • Try updating your microcode first; if that does not fix it, report an issue with the PORTABLE_LOGGING=debug environment variable set.

Starting portable

Start portable with the environment variable _portableConfig set. Its value can be 1) the appID of the sandbox, 2) an absolute path (if it exists), or 3) a file name, interpreted as $(pwd)/${_portableConfig}. Portable tries each of these in that order.

  • Debugging output can be enabled using the environment variable PORTABLE_LOGGING=debug

Debugging

Entering sandbox

To manually execute programs instead of following the launchTarget config, start portable with the argument --actions debug-shell. This opens a bash prompt and gives you full control of the sandbox environment.

Code of Conduct

Portable and all of its social spaces follow the Kraftland Code of Conduct. Please be sure not to violate that rule set.

Version Scheme

Portable follows a major.minor.patch version scheme. We strive to provide a stable experience with no breaking changes; however, if such a change is necessary, it will land in a major release.

Patch releases are exclusively for bug fixes, whereas minor releases contain new features. If a feature or a set of features needs time to test or is important enough, we conduct a major release.

Portable has only ever supported, and will only ever support, the latest release. Generally users can upgrade without manual intervention, but between major releases it is advised to run systemctl --user stop portable.slice to stop the portable framework.
