Linux Platform Guide

Zero on Linux provides the most comprehensive work profile isolation using LXC containers, namespace isolation, and native WireGuard integration.

Architecture

Linux isolation is achieved through multiple security layers:

  • LXC Containers: Process and filesystem isolation
  • Linux Namespaces: PID, network, mount, user namespaces
  • cgroups v2: Resource limits and accounting
  • WireGuard VPN: Network traffic isolation
  • LUKS Encryption: Data at rest encryption
  • Xpra: GUI forwarding with visual boundaries

Supported Distributions

Distribution Versions Status
Ubuntu 20.04, 22.04, 24.04 ✅ Full support
Debian 11, 12 ✅ Full support
Fedora 38, 39, 40 ✅ Full support
Arch Linux Rolling ✅ Full support
RHEL/CentOS 8, 9 ✅ Full support
openSUSE Leap 15, Tumbleweed ⚡ Beta

CLI Commands

# Profile management
zero start          # Start work profile
zero stop           # Stop work profile  
zero status         # Check status
zero restart        # Restart profile

# Application management
zero launch slack   # Launch app in work profile
zero list           # List running work apps
zero kill slack     # Kill work app

# File operations
zero copy /path/to/file       # Copy file to work profile
zero export /work/path        # Export from work (if allowed)

# Diagnostics
zero doctor         # Check system compatibility
zero logs           # View logs
zero debug-info     # Collect debug information

Desktop Integration

Visual Boundaries

Work profile windows display a colored border (default: blue) to clearly distinguish them from personal applications. 

# Configure visual boundary
zero config set gui.visual_boundary.color "#3b82f6"
zero config set gui.visual_boundary.width 3

System Tray

The Zero system tray icon shows:

  • Work profile status (running/stopped)
  • VPN connection status
  • Quick actions (start, stop, launch apps)
  • Notifications from your organization

Container Runtime

Zero supports multiple container runtimes:

# Use LXC (default, recommended)
zero config set container.runtime lxc

# Use Podman (rootless option)
zero config set container.runtime podman

# Use Docker
zero config set container.runtime docker
LXC Recommended: LXC provides the best performance and security for system container workloads. Use Podman/Docker only if LXC is not available.

Network Configuration

# Check VPN status
zero vpn status

# Reconnect VPN
zero vpn reconnect

# View network config
zero network show

Performance Tuning

# Allocate more resources
zero config set container.default_memory 4GB
zero config set container.default_cpu 2

# Enable hardware acceleration
zero config set gui.gpu_passthrough true

Troubleshooting

LXC Not Available

# Install LXC
sudo apt install lxc lxc-utils  # Debian/Ubuntu
sudo dnf install lxc            # Fedora

# Enable for user
sudo usermod -aG lxc $USER

Display Issues

# Check Xpra status
zero gui status

# Restart GUI session
zero gui restart

Related Guides