> [Flatpak, Podman?]: This is on our to-do list, but it'll take some effort because Flatpak is pretty isolated from the rest of the system and apps, so we'd have to find a way to expose installed apps, the Docker binary, and the Docker socket, and many other utilities

Vinegar wraps WINE in a Flatpak.

The vscode flatpak works with podman-remote packaged at a flatpak too; or you can call `host-spawn` or `flatpak-spawn` like there's no container/flatpak boundary there.

Nested rootless containers do work somehow; presumably with nested /etc/subuids for each container?

Distrobox passes a number of flags necessary to run GUI apps in rootless containers with Podman. Unfortunately the $XAUTHORITY path varies with each login on modern systemd distros.