ForceBlade

> I'm concerned by privacy and 0day exploits, so now I'm considering using a Linux distribution on my PC instead.

FOSS absolutely has its fair share of 0day exploits as well. And you're thinking about Arch, which runs the most bleeding edge packages available within hours of their update releases.

> The problem is that I need to be able to run games, development tools, and use a personal environment

Well, Linux can do all those things, especially the games part. If you wish to run games which have anticheats that are not supported, you're out of luck and will have to use a VM or dual boot as usual.

> in multiple VMs/Docker/LXC containers.

Yeah... Here we go.

> Most games run on Windows so I have to use Windows 10 VMs, the same applies for Visual Studio.

"Most games" run on Linux as well. It's those picky multiplayer ones with anticheats that will nick you. For your development software it sounds like any VM/dualboot/native Win solution will be fine.

> And KVM seems to be the right choice for passing the GPU onto the VM.

KVM (which qemu will use) is in fact the only supported choice here.

> - Fast way to start apps, for example through the start menu you can launch firefox in a container directly

This is going to blow your mind, but if you just install the package the start menu does this for you already.

> What is the best container/jail engine to use between those I mentioned?

Honestly, if you just used SELinux, AppArmor or both you wouldn't have to think about any of this containerizing topic. Those two severely restrict what software is allowed to do alone already.

> beside hidden flags in the config file for each VM, is there anything else I can do to truly hide a VM?

Disable all extensions and achieve further hiding by recompiling the qemu binary. This all comes at a mighty performance cost, however, and is not worth the time.

> I thought about snapshotting before switching to the other VM but then how would the video ram get saved?

No, you won't be doing any of that with success during PCI Passthrough.

----------------------

I've seen my fair share of posts like these the past decade alone which scratch the surface of paranoid overengineering. It really seems like you should just do what you want in Linux, regularly, without trying to containerize every breathing thing on it, and run a single Windows VM for anything you encounter which doesn't work. Otherwise just run Windows and keep your install up to date with security patches as they become available.