Hello, Running Suse, I wish to allow users the ability to use some package manager to install software in a sandbox area while protecting the underlying core software. Something similar to Darwinports and Fink for Mac OS X and Blastwave for Solaris. Does Suse (or really in Linux distro for that matter) have some equivalent means? I am aware of using "rpm --root --dbpath" but that too assumes the RPMS themselves are relocatable. I don't have personal experience with Gentoo's portage but I have read the forum post of a port of Portage over to suse 9.0 years ago (http://forums.suselinuxsupport.de/index.php?showtopic=796&hl=portage ) but that seemed to be a one-off project that never lifted of the ground. Portage is interesting because you compile everything on the fly and that gives you the flexibility to presumably --prefix your software elsewhere either on Portage setup or during emerging (though it seemed the configuration of the prototype was overlaying the base distro's software which is not appealing.) Again, I wish to offer my linux user base a workstation whereby they can't alter the underlying base software so that we don't get requests to re-image their workstation after they have broken it due to a bad install, while on the other hand give them a means to automate software installations into some sandbox like some opensource Darwin and Solaris projects are giving their users. Surely there are Linux alternatives here. Right? The only other idea I can concieve is sudo'izing current tools like smart with preconfigured channels AND to wrap smart itself so that it checks a blacklist of software that under any circumstances can not be updated. The goal here is to again allow software installations not included in our base 'image' to be installed by users themselves, but still gives system administators some control over what those packages are so as to reduce the likelihood of the helpdesk ticket stating they fried their workstation because they updated the kernel or some other basic package to their demise. You may say to me, "Just create your own repository base of pre-approved packages and allow your users to pull from that." It's the 'pre-approval' process as well as the mirroring and basic upkeep of a local respository that I wish to avoid. The blacklisting will cause some upkeep, but I forsee that being easier to create, maintain and manage than a whitelist which a local repository implies (though pre-approved channels is a form of whitelisting which is fine). Any other ideas? Any tools already created or in the works? Or should I just attempt to create a blacklist software "registery" - sorry for the M$ profanity there ;-) Thanks, -Daniel