NipCells
In Progress
NipCells are lightweight isolation containers — the Nexus answer to Flatpak and Snap, without the overhead.
What Is a NipCell?
A NipCell is a sandboxed execution environment for an NPK (application package). It provides:
- Filesystem isolation: GoboLinux-style symlink trees give each application its own view of the filesystem
- Capability restriction: Each NipCell gets a tailored capability set (pledge mask + unveil paths)
- Resource limits: Kinetic Economy budgets prevent resource abuse
- Clean removal: Uninstalling a NipCell removes all its files, state, and capabilities
How NipCells Work
```
/Programs/Firefox/120.0/   # Package files (read-only)
/Cell/<fiber-id>/          # Private runtime state
/Bus/hud/<surface-id>      # Display endpoint
/Data/apps/firefox/        # Persistent app data
```
The NipCell creates a filesystem view that combines:
- Read-only access to the package directory
- Private runtime state in /Cell
- Persistent data in /Data/apps/
- Nothing else (unless explicitly unveiled)
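The following is an added illustration of the "nothing else unless unveiled" rule, not code from Nexus or nip. It models a cell's manifest as a pledge mask plus an unveil table, then answers access requests the way the layout above implies: read-only package directory, writable /Cell/<fiber-id> and /Data/apps/<app>, longest matching prefix wins, and paths are canonicalized first so a `..` traversal cannot walk out of a grant. The manifest shape, the r/w/x/c flag letters (borrowed from OpenBSD's unveil), the pledge group names and the `check_access()` helper are all assumptions made for this example; the real Capability Algebra is not described on this page.

```python
"""Model of the NipCell filesystem view: an unveil list plus a pledge mask.

Added illustration, not Nexus/nip code. It encodes the rules on this page:
the package directory is read-only, /Cell/<fiber-id>/ and /Data/apps/<app>/
are writable, and every other path is denied unless explicitly unveiled.
Assumptions: the manifest shape, the flag letters r/w/x/c (borrowed from
OpenBSD's unveil), the pledge group names, and the hypothetical check_access()
helper are all mine; Nexus's real capability algebra is not shown on the page.
"""
from dataclasses import dataclass
import posixpath

# Which pledge group a given unveil flag also requires (assumed mapping).
PLEDGE_FOR_FLAG = {"r": "rpath", "w": "wpath", "c": "cpath", "x": "exec"}


@dataclass(frozen=True)
class NipCellManifest:
    fiber_id: str
    app: str
    package_dir: str
    pledge: frozenset            # assumed syscall groups, e.g. {"stdio", "rpath"}
    extra_unveil: tuple = ()     # explicitly granted (path, flags) pairs

    def unveil_table(self):
        """The three standard grants plus any explicit ones."""
        rows = [
            (self.package_dir, "rx"),              # package files: read/execute only
            (f"/Cell/{self.fiber_id}", "rwc"),     # private runtime state
            (f"/Data/apps/{self.app}", "rwc"),     # persistent app data
        ]
        rows.extend(self.extra_unveil)
        return rows


def normalize(path: str) -> str:
    """Canonicalize a path so '..' and duplicate slashes cannot escape a grant."""
    if not path.startswith("/"):
        raise ValueError("NipCell paths must be absolute")
    # posixpath.normpath keeps a leading '//' intact; squash it first.
    return posixpath.normpath("/" + path.lstrip("/"))


def check_access(manifest: NipCellManifest, path: str, flag: str):
    """Return (allowed, reason). The longest matching unveil prefix decides."""
    if flag not in PLEDGE_FOR_FLAG:
        raise ValueError(f"unknown access flag {flag!r}")
    target = normalize(path)
    best = None
    for root, flags in manifest.unveil_table():
        root = normalize(root)
        inside = target == root or target.startswith(root.rstrip("/") + "/")
        if inside and (best is None or len(root) > len(best[0])):
            best = (root, flags)
    if best is None:
        return False, "path not unveiled"
    if flag not in best[1]:
        return False, f"{best[0]} is unveiled without {flag!r}"
    needed = PLEDGE_FOR_FLAG[flag]
    if needed not in manifest.pledge:
        return False, f"pledge mask lacks {needed}"
    return True, f"{best[0]} grants {flag!r}"


def audit(manifest: NipCellManifest, requests):
    """Evaluate (path, flag) requests; returns (path, flag, allowed, reason) rows."""
    return [(p, f, *check_access(manifest, p, f)) for p, f in requests]


# Constructed sample cell for a hypothetical Firefox 120.0 package.
FIREFOX_CELL = NipCellManifest(
    fiber_id="fiber-42",
    app="firefox",
    package_dir="/Programs/Firefox/120.0",
    pledge=frozenset({"stdio", "rpath", "wpath", "cpath"}),   # note: no "exec"
    extra_unveil=(("/Bus/hud/surface-7", "rw"),),               # display endpoint
)

# Constructed requests: the interesting ones are the traversal attempt and
# the neighbouring app's data directory, both of which must be denied.
SAMPLE_REQUESTS = [
    ("/Programs/Firefox/120.0/lib/libxul.so", "r"),
    ("/Programs/Firefox/120.0/lib/libxul.so", "w"),
    ("/Data/apps/firefox/profile/places.sqlite", "w"),
    ("/Data/apps/firefox/../../../etc/passwd", "r"),
    ("/Data/apps/chromium/profile", "r"),
    ("/Cell/fiber-42/ipc.sock", "c"),
    ("/Bus/hud/surface-7", "w"),
    ("/Programs/Firefox/120.0/bin/firefox", "x"),
]

if __name__ == "__main__":
    for path, flag, ok, why in audit(FIREFOX_CELL, SAMPLE_REQUESTS):
        print(f"{'ALLOW' if ok else 'DENY ':5} {flag} {path:45} {why}")
```

Two points worth noticing when running it: the traversal request resolves to /etc/passwd and is refused as "not unveiled" rather than being matched against the /Data/apps/firefox grant it started under, and the execute request on the package binary is refused even though the path is unveiled with `x`, because the pledge mask and the unveil list are independent gates and the sample cell was never pledged `exec`.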
NipCells vs Flatpak
| Feature | Flatpak | NipCells |
|---|---|---|
| Runtime size | ~500MB per runtime | No runtime — packages are self-contained |
| Isolation | bwrap + seccomp | Capability Algebra + pledge/unveil |
| Deduplication | Shared runtimes | CAS-level deduplication via NexFS |
| Portal system | D-Bus portals | ION Ring endpoints in /Bus |
| Update mechanism | OSTree deltas | DAG-based incremental updates |
| Dependency model | Runtimes + extensions | Flat dependency resolution via nip |
NipCells vs Docker
NipCells are for applications, not services. For service-level isolation, see Nexters.
Key difference: NipCells use capability-based isolation (no virtualization, no namespaces, no cgroups). They are much lighter than Docker containers, and startup is near-instant because there is no container runtime to initialize. The trade-off is that nothing hides kernel-visible state such as other processes from the cell the way namespaces would; isolation rests entirely on the pledge mask and unveil list the cell is started with, so a cell granted a broad capability set is not isolated merely by being a cell.