
toolbox's Introduction

README

Toolbx is a tool for Linux, which allows the use of interactive command line environments for development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI.

Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.

This is particularly useful on OSTree based operating systems like Fedora CoreOS and Silverblue. The intention of these systems is to discourage installation of software on the host, and instead install software as (or in) containers — they mostly don't even have package managers like DNF or YUM. This makes it difficult to set up a development environment or troubleshoot the operating system in the usual way.

Toolbx solves this problem by providing a fully mutable container within which one can install their favourite development and troubleshooting tools, editors and SDKs. For example, it's possible to do yum install ansible without affecting the base operating system.

However, this tool doesn't require using an OSTree based system. It works equally well on Fedora Workstation and Server, and that's a useful way to incrementally adopt containerization.

The Toolbx environment is based on an OCI image. On Fedora this is the fedora-toolbox image. This image is used to create a Toolbx container that offers the interactive command line environment.

Note that Toolbx makes no promise about security beyond what's already available in the usual command line environment on the host that everybody is familiar with.

Installation & Use

See our guides on installing & getting started with Toolbx and Linux distro support.


toolbox's People

Contributors

aimileus, andrunko, cgwalters, debarshiray, dependabot[bot], harrymichal, hexagonrecursion, jadahl, jimmac, jmennius, juanje, juhp, likan999, martinpitt, masch, mjlbach, mkrajnak, nanonyme, nievesmontero, nilslindemann, notfirefox, olivergs, owtaylor, swick, tagoh, tomsweeneyredhat, tosmi, tpopela, travier, tristancacqueray


toolbox's Issues

Inherit environment variables on entering

Entering the toolbox should keep as much from the original environment as possible to help have a seamless experience. This is a similar concern as issue #20. As such, I believe the environment variables should be inherited within the toolbox.

add user's locale to fedora-toolbox user image

I think fedora containers only include glibc-langpack-en by default.
So to handle this better I suggest either fallback to en_US.utf8 or C.utf8, but I don't know how to do that, so better would be to add the glibc-langpack-xx package for the user's locale to the user fedora-toolbox image.

Locale issue, need to install glibc-langpack-* package

Using stack to build a Haskell program inside Fedora toolbox, I got a strange error that I could track down to a locale issue. There were other issues such as less not showing UTF-8 byte sequences. Running locale showed errors:

$ locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=fr_FR.UTF-8
LC_CTYPE="fr_FR.UTF-8"
LC_NUMERIC="fr_FR.UTF-8"
LC_TIME="fr_FR.UTF-8"
LC_COLLATE="fr_FR.UTF-8"
LC_MONETARY="fr_FR.UTF-8"
LC_MESSAGES="fr_FR.UTF-8"
LC_PAPER="fr_FR.UTF-8"
LC_NAME="fr_FR.UTF-8"
LC_ADDRESS="fr_FR.UTF-8"
LC_TELEPHONE="fr_FR.UTF-8"
LC_MEASUREMENT="fr_FR.UTF-8"
LC_IDENTIFICATION="fr_FR.UTF-8"
LC_ALL=

Installing the glibc-langpack-fr package (in my case) solved the issue. That should probably be performed when the toolbox is created the first time. Or it could be part of the documentation.

handle empty $dbus_system_bus_path when creating

Due to a bug in libpod (containers/podman#1853) in the latest Fedora Silverblue, I decided not to work around the problem but rather to recreate a new toolbox container. This sadly does not work because

  • tmpfs_size=8278198272
  • max_uid_count=65536
  • max_minus_uid=64536
  • uid_plus_one=1001
  • podman create --group-add wheel --hostname toolbox --interactive --name fedora-toolbox-mv:29 --network host --privileged --security-opt label=disable --tmpfs /dev/shm:size=8278198272 --tty --uidmap 1000:0:1 --uidmap 0:1:1000 --uidmap 1001:1001:64536 --volume /home/mv:/home/mv --volume /run/user/1000:/run/user/1000 --volume : --volume /dev/dri:/dev/dri fedora-toolbox-mv:29 /bin/sh
    invalid host path, must be an absolute path ""
  • echo '/usr/bin/fedora-toolbox: failed to create container fedora-toolbox-mv:29'
    /usr/bin/fedora-toolbox: failed to create container fedora-toolbox-mv:29
  • exit 1
  • exit

This happens because dbus_system_bus_path can be empty, but there is no check for this and it is blindly added as a parameter to podman create:

    if ! $prefix_sudo podman create \
<snip>
                 --uidmap $uid_plus_one:$uid_plus_one:$max_minus_uid \
                 --volume $HOME:$HOME \
                 --volume $XDG_RUNTIME_DIR:$XDG_RUNTIME_DIR \
                 --volume $dbus_system_bus_path:$dbus_system_bus_path \

So we pass an empty '--volume :'.

This could be easily fixed the same way as $set_dbus_system_bus_address in enter.
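One way to guard the bind-mount arguments described in this report, as an added example that is not the fedora-toolbox script or part of the original issue. The function names are hypothetical and the input values are constructed to mirror the trace above; a real script would append the pairs to its argument list instead of printing them.

```shell
#!/bin/sh
# Added example; not the fedora-toolbox script. Function names are hypothetical.

# valid_bind_path PATH: succeed only for a non-empty absolute path without ':'
# (':' is the field separator in podman's HOST:CONTAINER[:OPTIONS] syntax).
valid_bind_path() {
    case "$1" in
        "")  return 1 ;;   # empty: would expand to "--volume :"
        *:*) return 1 ;;   # a colon would be parsed as a field separator
        /*)  return 0 ;;   # absolute path: acceptable
        *)   return 1 ;;   # relative path: podman rejects it
    esac
}

# volume_args PATH...: for each valid path print "--volume" and "PATH:PATH"
# on separate lines; report every skipped path on stderr.
volume_args() {
    for p in "$@"; do
        if valid_bind_path "$p"; then
            printf '%s\n%s\n' "--volume" "$p:$p"
        else
            printf 'skipping bind mount for invalid path "%s"\n' "$p" >&2
        fi
    done
}

# Constructed inputs: the D-Bus system bus path could not be determined.
home_dir=/home/mv
runtime_dir=/run/user/1000
dbus_system_bus_path=""

# Prints two --volume pairs; the empty path is dropped instead of being passed on.
volume_args "$home_dir" "$runtime_dir" "$dbus_system_bus_path"
```

Quoting every expansion matters as much as the check: an unquoted empty variable disappears from the command line, while `$var:$var` with an empty value still yields the literal argument `:`.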

Clear the list of effective capabilities to match the host

Environment:

fedora-silverblue: 29.20181107.0 (2018-11-07T01:28:15Z)
fedora-toolbox: 02f9650

runc version 1.0.0-rc5+dev
commit: 7463241d645ba55b05b103673e322542661b0ad8
spec: 1.0.1-dev

Steps to reproduce:

  1. enter fedora-toolbox
  2. mkdir /tmp/testx
  3. chmod 0 /tmp/testx
  4. mkdir /tmp/testx/test

Expected: Permission denied creating sub-directory
Actual: sub-directory created successfully

Notes:
This issue currently blocks building libreoffice.
When using buildah to create a fedora:29 container and non-root user, the steps work as expected.
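A way to check for the condition in this report, as an added example that is not part of the original issue. It assumes the cause is an effective capability that bypasses file permission checks (CAP_DAC_OVERRIDE, and CAP_DAC_READ_SEARCH for reads); the helper names are hypothetical and the two /proc status samples are constructed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample values are constructed.

CAP_DAC_OVERRIDE=1       # bit numbers from linux/capability.h
CAP_DAC_READ_SEARCH=2

# cap_eff_from_status: read /proc/<pid>/status text on stdin, print CapEff hex.
cap_eff_from_status() {
    while read -r key value rest; do
        if [ "$key" = "CapEff:" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done
    return 1
}

# cap_is_set HEXMASK BIT: succeed when capability number BIT is set in HEXMASK.
cap_is_set() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# dac_bypass_caps HEXMASK: print the effective capabilities that let a process
# ignore file permission bits, or "none" when neither is present.
dac_bypass_caps() {
    found=""
    if cap_is_set "$1" "$CAP_DAC_OVERRIDE"; then
        found="CAP_DAC_OVERRIDE"
    fi
    if cap_is_set "$1" "$CAP_DAC_READ_SEARCH"; then
        found="${found:+$found }CAP_DAC_READ_SEARCH"
    fi
    printf '%s\n' "${found:-none}"
}

# mode0_mkdir_succeeds: repeat the report's steps in a private temp directory.
# Exit 0 when the sub-directory was created despite mode 0, 1 when denied.
mode0_mkdir_succeeds() {
    base=$(mktemp -d) || return 2
    mkdir "$base/testx" && chmod 0 "$base/testx"
    if mkdir "$base/testx/test" 2>/dev/null; then rc=0; else rc=1; fi
    chmod 700 "$base/testx" && rm -rf "$base"
    return "$rc"
}

# Constructed status excerpts: an unprivileged shell and a container process
# that still holds a default capability set.
sample_unprivileged()   { printf 'Name:\tbash\nCapEff:\t0000000000000000\n'; }
sample_container_root() { printf 'Name:\tsh\nCapEff:\t00000000a80405fb\n'; }

for sample in sample_unprivileged sample_container_root; do
    mask=$($sample | cap_eff_from_status)
    printf '%s: CapEff=%s -> %s\n' "$sample" "$mask" "$(dac_bypass_caps "$mask")"
done

# Live check against the current process.
if mode0_mkdir_succeeds; then
    echo "live check: mkdir inside a mode-0 directory succeeded"
else
    echo "live check: mkdir inside a mode-0 directory was denied"
fi
```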

failed to create container

I'm having issues getting started with fedora-toolbox. I am able to recreate this reliably even in a freshly deployed VM.

➜  fedora-toolbox git:(master) ./fedora-toolbox -v create           
error reading image "fedora-toolbox-sean:29": error reading image: error locating image "fedora-toolbox-sean:29" for importing settings: error locating image with name "fedora-toolbox-sean:29": image not known
ERRO[0000] exit status 1                                
Error determining manifest MIME type for docker://localhost/fedora-toolbox:29: pinging docker registry returned: Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused
ERRO[0000] exit status 1                                
Getting image source signatures
Copying blob sha256:af19ce19de5ee70d1ca852c65f9927fab6ba09de2864af2acdf18d60774bffbd
 85.70 MiB / 85.70 MiB [===================================================] 10s
Copying blob sha256:6df1bfffa76ae08ebcb61de2ae28fbf5f8a84079b6cb316d095cdf4cb5e2bdbb
 182.56 MiB / 182.56 MiB [=================================================] 20s
Copying config sha256:032b427fbbf72ac22336638af319ef989a2b99e038ca087743c132ab71445ed8
 2.69 KiB / 2.69 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
bpasswd: Note: deleting a password also unlocks the password.
passwd: Note: deleting a password also unlocks the password.
Getting image source signatures
Skipping fetch of repeat blob sha256:8080f9aa6262000ad12d3d7e55331d275d412faa730b75c41bbf444b4ce056e9
Skipping fetch of repeat blob sha256:d399ea65472cbad41d640ec2a09724c2f11ac7fa52636b6cec6905e8fa490865
Copying blob sha256:e3518f4673581285a8029c0503002cbc08ff0c737a73449888b3d42af3522b36
 1.94 KiB / 1.94 KiB [======================================================] 0s
Copying config sha256:2c61bc9552383aad9f8e1579f8a31d7ba15a7bfa1b9fbc7f275ef98ca2422c8e
 1.43 KiB / 1.43 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
error looking up container "fedora-toolbox-sean:29": no container with name or ID fedora-toolbox-sean:29 found: no such container
Trying to pull docker.io/fedora-toolbox-sean:29...Failed
Trying to pull registry.fedoraproject.org/fedora-toolbox-sean:29...Failed
Trying to pull quay.io/fedora-toolbox-sean:29...Failed
Trying to pull registry.access.redhat.com/fedora-toolbox-sean:29...Failed
Trying to pull registry.centos.org/fedora-toolbox-sean:29...Failed
unable to pull fedora-toolbox-sean:29: 5 errors occurred:

* Error determining manifest MIME type for docker://fedora-toolbox-sean:29: Error reading manifest 29 in docker.io/library/fedora-toolbox-sean: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

* Error determining manifest MIME type for docker://registry.fedoraproject.org/fedora-toolbox-sean:29: Error reading manifest 29 in registry.fedoraproject.org/fedora-toolbox-sean: manifest unknown: manifest unknown
* Error determining manifest MIME type for docker://quay.io/fedora-toolbox-sean:29: Error reading manifest 29 in quay.io/fedora-toolbox-sean: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
* Error determining manifest MIME type for docker://registry.access.redhat.com/fedora-toolbox-sean:29: Error reading manifest 29 in registry.access.redhat.com/fedora-toolbox-sean: unknown: Not Found
* Error determining manifest MIME type for docker://registry.centos.org/fedora-toolbox-sean:29: Error reading manifest 29 in registry.centos.org/fedora-toolbox-sean: manifest unknown: manifest unknown
./fedora-toolbox: failed to create container fedora-toolbox-sean:29

The README on this project doesn't make it obvious if there are any prerequisites that I should meet before running this, it sounds like I should just be able to run the script and get a working toolbox.

Let me know if I'm missing anything or if you need any more info to get an idea of what is happening.

Doesn't fallback to /bin/bash if $SHELL doesn't exist in the toolbox container

Simply because the base image does not contain zsh. Installing it fixes the problem, of course.

exec failed: container_linux.go:337: starting container process caused "exec: \"/usr/bin/zsh\":
stat /usr/bin/zsh: no such file or directory"
exit status 1

Another small issue is that zsh does not expect PS1, but this is not much of a problem.

The toolbox should use the same time zone as the host

I spent a good hour trying to debug my C program not displaying the time correctly before I realized it worked from the host system 😅

Currently, the time zone inside the toolbox is always set to UTC, regardless of the host time. (You can see this with a file /etc/localtime.) I'm guessing the fix would be to bind the host's /etc/localtime into the container?

[RFE] Add sound support

Fedora Toolbox already supports GUI applications. It would be great if it could also have sound (PulseAudio or ALSA) support. :-)

alignment/comparison with coreos/toolbox

Let's discuss overlap with coreos/toolbox@598df78 here.

One broad concern I have here is the very name of the project; in Fedora we go to a lot of effort to have most of "Fedora" branding inside fedora-release, and there's a generic-release.

This one seems to assume a full desktop login and be run as non-root, whereas for the coreos-toolbox we instead assume the user is running as root on a console, and should have full system wide privileges.

But really...the overlap in implementation and scope is big.

My 2c is that we call it "coreos-toolbox" as a project name, but just "toolbox" implicitly when discussing in a Fedora/CoreOS context.

Enter the toolbox as non root, self user

Running fedora-toolbox 0.0.2-1.fc29, when I'm in the toolbox, I am root.

When I'm working, I'm mostly working as a simple user, and I'd like to enter the toolbox as my own user and not have to use su after entering the toolbox. Also, I had to manually set up my own user in /etc/passwd inside the toolbox on first use.

Additionally, it would be nice if I could run specific commands after toolbox enter. For example, being able to run toolbox enter su $USER would help my use case (I could just create an alias then)

setup user: cannot set any additional groups in a rootless container

Encountered this error after doing ./fedora-toolbox create and fedora-toolbox enter. I only cloned the repo and then tried those commands. If there are other setup instructions needed, feel free to inform us. : ) Thanks!

[jwc@localhost fedora-toolbox]$ ./fedora-toolbox -v enter
unable to start container "fedora-toolbox-jwc:29": container create failed: container_linux.go:336: starting container process caused "setup user: cannot set any additional groups in a rootless container"
: internal libpod error
./fedora-toolbox: failed to start container fedora-toolbox-jwc:29

~/.config/containers/storage.conf oscillates between camel and lower case formats

I don't have any existing containers

Podman: version 1.0.0
Buildah: version 1.5
SB: version: 29.20190124.0

./fedora-toolbox create

unable to pull fedora-toolbox-me:29: 5 errors occurred:

* Error determining manifest MIME type for docker://fedora-toolbox-me:29: Error reading manifest 29 in docker.io/library/fedora-toolbox-me: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

* Error determining manifest MIME type for docker://registry.fedoraproject.org/fedora-toolbox-me:29: Error reading manifest 29 in registry.fedoraproject.org/fedora-toolbox-me: manifest unknown: manifest unknown
* Error determining manifest MIME type for docker://quay.io/fedora-toolbox-me:29: Error reading manifest 29 in quay.io/fedora-toolbox-me: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
* Error determining manifest MIME type for docker://registry.access.redhat.com/fedora-toolbox-me:29: Error reading manifest 29 in registry.access.redhat.com/fedora-toolbox-me: unknown: Not Found
* Error determining manifest MIME type for docker://registry.centos.org/fedora-toolbox-me:29: Error reading manifest 29 in registry.centos.org/fedora-toolbox-me: manifest unknown: manifest unknown
./fedora-toolbox: failed to create container fedora-toolbox-me:29

podman info


Own PS1 in .bashrc override

I use my own PS1. I have it in my .bashrc file like export PS1=... which overrides the one passed to container. And then it is really confusing if I am in toolbox or on my machine.

Is there some simple way how to easily recognize from toolbox that I am inside (so I can edit my PS1 to recognize this)?

Make "enter" staying in current pwd

It'd be cool if fedora-toolbox enter would stay in the current working directory (if available in the container, e.g. ~/**). Currently, enter spawns a new shell with the cwd being the home directory, requiring to cd again.

Documentation

The doc seems to be a good start, but at the end of the Readme I still only have a shell.

I do not know:

  • what this project really wants to solve (I mean, the ostree image is fixed, okay, but what can I do now what I could not do before?)
  • how to use it (these two commands won't be the only ones)
  • seeing it does some container stuff, what about: compartmentalization (create a new "container" and change stuff there?), rollback (can I also quickly delete/dismiss a container?), advantages of this(?)…
  • what I can actually do inside of it?

If you want an example use case take full system backups, e.g. with borgbackup and possibly some wrapper scripts and where you need to setup a cron job or systemd timer, and special stuff like that. Or even advanced stuff like notifications (i.e. zenity), which I guess is a little hard to make work manually. (I know, flatpak can do so, of course, but manually – this needs some doc)

Error starting toolbox - "setup user: cannot set any additional groups in a rootless container"

Created a container using ./fedora-toolbox create, but it cannot be started:

$ podman start fedora-toolbox-vrutkovs:29
unable to start container "fedora-toolbox-vrutkovs:29": container create failed: container_linux.go:336: starting container process caused "setup user: cannot set any additional groups in a rootless container"
: internal libpod error

F29 Silverblue
Version: 29.1.2 (2018-10-24 23:20:30)
BaseCommit: f17b670fa8cf69144be5ae0c968dc2ee7eb6999a5f7a54f1ee71eec7783e434a

podman-0.10.1-1.gite4a1553.fc29.x86_64

Using custom images

Hi!
I do not see how to use an extra images data from the image directory. I want to build a custom image using my own extra-packages file, but I do not see how to use my own configuration file.

Thanks!

Unable to start container

./fedora-toolbox create finished without error, enter returned ./fedora-toolbox: failed to start container

This is the error when I try to run with podman

container create failed: container_linux.go:336: starting container process caused "setup user: cannot set any additional groups in a rootless container"
: internal libpod error
● ostree://fedora-workstation:fedora/29/x86_64/silverblue
                   Version: 29.20180926.n.0 (2018-09-26 11:29:13)
                BaseCommit: 8fd5bd51b535915218853b6b55989f6579e6c2e6156ac92f74a61ce245e800c0
              GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
           LayeredPackages: adobe-source-code-pro-fonts tuned-utils vim vim-nerdtree vim-powerline zsh

filesystem access issues running LLVM tests

Great tool, thanks (especially for us folks new to Silverblue).

Building LLVM seems to work, however I'm seeing filesystem access issues when attempting to run the tests.

Possibly related to #9

Environment:

fedora-silverblue: 29.20181101.0 (2018-11-01 14:01:23)
fedora-toolbox: cf2347f

runc version 1.0.0-rc5+dev
commit: 7463241d645ba55b05b103673e322542661b0ad8
spec: 1.0.1-dev

/var/home btrfs rw,nodev,noatime,seclabel,compress=zstd,ssd,space_cache,subvol=/home

Steps to reproduce:

  1. Create a default fedora-toolbox and enter it
  2. sudo dnf update -y && sudo dnf builddep -y llvm
  3. sudo dnf install -y svn
  4. create and/or cd into $HOME/src
  5. svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
  6. cd llvm && mkdir build && cd build
     cmake -GNinja \
       -DCMAKE_INSTALL_PREFIX=/opt/llvm \
       -DCMAKE_BUILD_TYPE=Release \
       -DLLVM_USE_LINKER=gold \
       -DLLVM_OPTIMIZED_TABLEGEN=ON \
       -DLLVM_USE_SPLIT_DWARF=ON \
       ..
  7. run ninja check-llvm

Expected: LLVM tests to run successfully

Actual: (cut out the traceback for brevity/readability)

Running the LLVM regression tests
                                       -- Testing: 28397 tests, 16 threads --                                      
0% [------------------------------------------------------------------------------------------------------------]
OSError: [Errno 30] Read-only file system
FAILED: test/CMakeFiles/check-llvm 
ninja: build stopped: subcommand failed.

Failed to create containers unless attaching portable devices

Unless a portable device such as a USB stick is attached, creating a container with toolbox create fails.

error checking path "/run/media": stat /run/media: no such file or directory
toolbox: failed to create container fedora-toolbox-thomas:29

Bridging the gap between Flatpaks and Toolbox?

I've been working on a Groovy project, in my toolbox environment (which is fantastic, thank you for building this!), and got the crazy idea to try IntelliJ. I did the obvious thing, and installed the IntelliJ flatpak.

It turns out that IntelliJ wants to know where your JRE is, and I was stuck because the JRE I was using lives in the toolbox container.

I could easily imagine a bunch of other variations where someone might want a flatpak-managed IDE to execute code in the toolbox container. Say, Visual Studio Code or Atom or gvim, with python, ruby, or node.js running in the toolbox container.

Is there, today, a recommended way of dealing with this?

If not, is there anything planned?

Unable to create containers from buildah images

OS: Fedora 29 Workstation (Not Silverblue one)
Podman: 1.0.0
Buildah: buildah version 1.6 (image-spec 1.0.0, runtime-spec 1.0.0)

podman info

host:
  BuildahVersion: 1.6-dev
  Conmon:
    package: podman-1.0.0-1.git82e8011.fc29.x86_64
    path: /usr/libexec/podman/conmon
    version: 'conmon version 1.12.0-dev, commit: 49780a1cf10d572edc4e1ea3b8a8429ce391d47d'
  Distribution:
    distribution: fedora
    version: "29"
  MemFree: 10359164928
  MemTotal: 16545677312
  OCIRuntime:
    package: runc-1.0.0-68.dev.git6635b4f.fc29.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc6+dev
      commit: ef9132178ccc3d2775d4fb51f1e431f30cac1398-dirty
      spec: 1.0.1-dev
  SwapFree: 8493461504
  SwapTotal: 8493461504
  arch: amd64
  cpus: 8
  hostname: localhost.localdomain
  kernel: 4.20.10-200.fc29.x86_64
  os: linux
  rootless: true
  uptime: 1h 22m 32.31s (Approximately 0.04 days)
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  ConfigFile: /home/thomas/.config/containers/storage.conf
  ContainerStore:
    number: 9
  GraphDriverName: vfs
  GraphOptions:
  - overlay.mount_program=/usr/bin/fuse-overlayfs
  GraphRoot: /home/thomas/.local/share/containers/storage
  GraphStatus: {}
  ImageStore:
    number: 9
  RunRoot: /run/user/1000/run

buildah info

{
    "host": {
        "Distribution": {
            "distribution": "fedora",
            "version": "29"
        },
        "MemTotal": 16545677312,
        "MenFree": 10332602368,
        "SwapFree": 8493461504,
        "SwapTotal": 8493461504,
        "arch": "amd64",
        "cpus": 8,
        "hostname": "localhost.localdomain",
        "kernel": "4.20.10-200.fc29.x86_64",
        "os": "linux",
        "rootless": true,
        "uptime": "1h 24m 40.17s (Approximately 0.04 days)"
    },
    "store": {
        "ContainerStore": {
            "number": 0
        },
        "GraphDriverName": "overlay",
        "GraphOptions": [
            "overlay.mount_program=/usr/bin/fuse-overlayfs"
        ],
        "GraphRoot": "/home/thomas/.local/share/containers/storage",
        "GraphStatus": {
            "Backing Filesystem": "extfs",
            "Native Overlay Diff": "false",
            "Supports d_type": "true"
        },
        "ImageStore": {
            "number": 2
        },
        "RunRoot": "/run/user/1000"
    }
}

Error message

 thomas@localhost  ~/dev/toolbox   master  ./toolbox -v create           
toolbox: checking if image fedora-toolbox-thomas:29 already exists
toolbox: checking if container fedora-toolbox-thomas:29 already exists
error looking up container "fedora-toolbox-thomas:29": no container with name or ID fedora-toolbox-thomas:29 found: no such container
toolbox: trying to create container fedora-toolbox-thomas:29
Trying to pull docker.io/fedora-toolbox-thomas:29...Failed
Trying to pull registry.fedoraproject.org/fedora-toolbox-thomas:29...Failed
Trying to pull quay.io/fedora-toolbox-thomas:29...Failed
Trying to pull registry.access.redhat.com/fedora-toolbox-thomas:29...Failed
Trying to pull registry.centos.org/fedora-toolbox-thomas:29...Failed
unable to pull fedora-toolbox-thomas:29: 5 errors occurred:

* Error determining manifest MIME type for docker://fedora-toolbox-thomas:29: Error reading manifest 29 in docker.io/library/fedora-toolbox-thomas: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

* Error determining manifest MIME type for docker://registry.fedoraproject.org/fedora-toolbox-thomas:29: Error reading manifest 29 in registry.fedoraproject.org/fedora-toolbox-thomas: manifest unknown: manifest unknown
* Error determining manifest MIME type for docker://quay.io/fedora-toolbox-thomas:29: Error reading manifest 29 in quay.io/fedora-toolbox-thomas: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
* Error determining manifest MIME type for docker://registry.access.redhat.com/fedora-toolbox-thomas:29: Error reading manifest 29 in registry.access.redhat.com/fedora-toolbox-thomas: unknown: Not Found
* Error determining manifest MIME type for docker://registry.centos.org/fedora-toolbox-thomas:29: Error reading manifest 29 in registry.centos.org/fedora-toolbox-thomas: manifest unknown: manifest unknown
toolbox: failed to create container fedora-toolbox-thomas:29

This might happen because podman and buildah both are based on different image-spec?
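
The `podman info` and `buildah info` dumps in the report above disagree on the storage driver (`vfs` vs `overlay`) and on `RunRoot`. As an added example (not part of the original report or the project's code; the helper names are hypothetical), this script pulls those store fields out of both output formats and lists the differences:

```shell
#!/bin/sh
# Added illustration: compare the storage settings reported by
# "podman info" (YAML) and "buildah info" (JSON).
# Helper names are hypothetical, not part of podman, buildah or toolbox.

# Trimmed excerpts of the two dumps quoted in the report above.
podman_info='store:
  GraphDriverName: vfs
  GraphRoot: /home/thomas/.local/share/containers/storage
  RunRoot: /run/user/1000/run'

buildah_info='{
    "store": {
        "GraphDriverName": "overlay",
        "GraphRoot": "/home/thomas/.local/share/containers/storage",
        "RunRoot": "/run/user/1000"
    }
}'

# store_field KEY TEXT
# Print the value of KEY from either format. Quotes and commas are stripped
# first, so a JSON line and a YAML line end up looking the same.
store_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        { line = $0; gsub(/[",]/, "", line) }
        match(line, "^[ \t]*" key ":[ \t]*") {
            print substr(line, RLENGTH + 1)
            exit
        }'
}

# compare_storage PODMAN_TEXT BUILDAH_TEXT
# Print one line per differing field; return 1 if anything differs.
compare_storage() {
    status=0
    for key in GraphDriverName GraphRoot RunRoot; do
        a=$(store_field "$key" "$1")
        b=$(store_field "$key" "$2")
        if [ "$a" != "$b" ]; then
            echo "MISMATCH $key: podman=$a buildah=$b"
            status=1
        fi
    done
    return $status
}

# On a live system, feed it "$(podman info)" and "$(buildah info)" instead.
compare_storage "$podman_info" "$buildah_info" || echo "storage settings differ"
```
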

fedora-toolbox create fails to generate new container if image already exists

tl;dr - declare dbus_system_bus_path outside of the buildah inspect --type image $toolbox_image check

Hi there!

After messing up my pet container, I decided to start afresh by running:

[jeshua@jeshua-Surface-Pro-3 ~]$ podman stop fedora-toolbox-jeshua:29 
d3ac6a0f1b80dea6f6fd64204ffd8a444ee4bccb7a16d797540984e48357916e
[jeshua@jeshua-Surface-Pro-3 ~]$ podman rm fedora-toolbox-jeshua:29 
d3ac6a0f1b80dea6f6fd64204ffd8a444ee4bccb7a16d797540984e48357916e

If I'm not mistaken, fedora-toolbox create is expected to consider that while the container is gone, the image is still there, and pick up the process from there, generating a fresh container from the image. However, that step fails:

[jeshua@jeshua-Surface-Pro-3 ~]$ fedora-toolbox create
/home/jeshua/.local/bin/fedora-toolbox: failed to create container fedora-toolbox-jeshua:29

Considering the verbose output,

error looking up container "fedora-toolbox-jeshua:29": no container with name or ID fedora-toolbox-jeshua:29 found: no such container
invalid host path, must be an absolute path ""
/home/jeshua/.local/bin/fedora-toolbox: failed to create container fedora-toolbox-jeshua:29

the first line is as expected (it's from the check on whether the container exists), but the second is causing podman create to fail. A bunch of debug echos reveals that --volume $dbus_system_bus_path:$dbus_system_bus_path is to blame, since that variable is declared inside of the block that only runs if the image needs to be created.

Recommendation: move

if ! $prefix_sudo buildah inspect --type image $toolbox_image >/dev/null 2>&42; then
        ...
        if [ "$DBUS_SYSTEM_BUS_ADDRESS" != "" ]; then
            dbus_system_bus_address=$DBUS_SYSTEM_BUS_ADDRESS
        fi
        dbus_system_bus_path=$(echo $dbus_system_bus_address | cut --delimiter = --fields 2 2>&42)
        dbus_system_bus_path=$(readlink --canonicalize $dbus_system_bus_path 2>&42)
        ...
fi

out of the surrounding conditional.

Sorry if this is a bit lengthy for what amounts to a tiny fix, first time reporting an issue.
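
The failure and the recommended fix from the report above, as an added example (not the project's own code): the bus path is resolved unconditionally, and a `--volume` argument is only built from an absolute path. The function names and the fallback address are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from fedora-toolbox.

# Fallback when DBUS_SYSTEM_BUS_ADDRESS is unset (assumption: the
# conventional location of the system bus socket).
default_bus_address="unix:path=/var/run/dbus/system_bus_socket"

# Print the socket path for an address of the form "unix:path=/some/path".
# Any ",key=value" parts after the path are dropped. The script quoted in the
# report also canonicalizes the result with readlink; that step is left out
# here so the example does not depend on the local filesystem.
bus_path_from_address() {
    addr=${1:-$default_bus_address}
    case $addr in
        unix:path=*)
            path=${addr#unix:path=}
            path=${path%%,*}
            ;;
        *)
            return 1
            ;;
    esac
    printf '%s\n' "$path"
}

# Print a "--volume SRC:DST" argument, refusing anything that is not an
# absolute path instead of letting podman fail later.
volume_arg_for() {
    case $1 in
        /*)
            printf '%s %s:%s\n' --volume "$1" "$1"
            ;;
        *)
            echo "refusing to bind-mount non-absolute path '$1'" >&2
            return 1
            ;;
    esac
}

# Before: the path is only computed while the image is being built, so a
# later "create" with the image already present passes an empty path.
volume_before_fix() {
    image_exists=$1
    dbus_system_bus_path=""
    if [ "$image_exists" != yes ]; then
        dbus_system_bus_path=$(bus_path_from_address "$DBUS_SYSTEM_BUS_ADDRESS")
    fi
    printf '%s %s:%s\n' --volume "$dbus_system_bus_path" "$dbus_system_bus_path"
}

# After: the path is computed regardless of whether the image exists,
# and validated before it is used.
volume_after_fix() {
    dbus_system_bus_path=$(bus_path_from_address "$DBUS_SYSTEM_BUS_ADDRESS") || return 1
    volume_arg_for "$dbus_system_bus_path"
}

# Demo with a constructed address value.
DBUS_SYSTEM_BUS_ADDRESS="unix:path=/run/dbus/system_bus_socket"
echo "before fix, image present: $(volume_before_fix yes)"
echo "after fix,  image present: $(volume_after_fix)"
```
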

onboarding friendliness

I did a fresh install of silverblue. fedora-toolbox was installed. But I didn't quite know how to get started, so I just ran it:

$ fedora-toolbox
/usr/bin/fedora-toolbox: missing command
Try '/usr/bin/fedora-toolbox --help' for more information.

That's not terrible, but it could be nicer.

  • Don't show the full path. 'fedora-toolbox' is enough
  • Give me some hints how to get started, something like "Use the 'create' command to create a toolbox", would be helpful
  • For a minute, I was confused and thought there was some installation issue where fedora-toolbox was missing some tool it relies on. The error message could be clearer.
  • Not so much a newcomer thing, but completion would be great to explore available commands

After this, I tried: man fedora-toolbox - and was greeted by another error message.
It's a commandline tool, it should have a man page.

Eventually, I figured I need to run: fedora-toolbox create. It did something! It did not really give me any hints for what to do next, but I just tried: fedora-toolbox enter. Sadly, this gives

$ fedora-toolbox enter
/usr/bin/fedora-toolbox: failed to start container fedora-toolbox-mclasen:30

At this point, I'm stuck. What is wrong? What to do next?

Bashisms with /bin/sh shebang

Currently fedora-toolbox has /bin/sh as shebang, implying that only POSIX shell functions are used. For example in Debian/Ubuntu based distributions, /bin/sh is not a symlink to bash, but to dash, which does not support bash extensions (see https://wiki.debian.org/DashAsBinSh). However, fedora-toolbox uses a couple of these bash functions. I ran the checkbashisms script to check for this, and it contained a couple of bash-exclusive features as of 4cf58d5 (see https://gist.github.com/aimileus/e83db1f70344846d98f4e1aff071644b).

rootless buildah and rootless podman don't see each other's images

So some weeks ago I cleaned away my podman containers and images, and this seems to have broken fedora-toolbox for me:

$ buildah images -n
registry.fedoraproject.org/f29/fedora-toolbox            29                   032b427fbbf7         Sep 27, 2018 19:47     578 MB
localhost/fedora-toolbox-petersen                        29                   0c06f5c08a55         Dec 14, 2018 18:41     578 MB
registry.fedoraproject.org/f28/fedora-toolbox            28                   9ffedc39f7f2         Sep 27, 2018 01:07     602 MB
localhost/fedora-toolbox-petersen                        28                   7b9d97257117         Dec 27, 2018 15:51     602 MB
$ podman images | grep toolbox
$ git clone https://github.com/debarshiray/fedora-toolbox
$ cd fedora-toolbox
$ edit fedora-toolbox  ## add set -x to the beginning of fedora-toolbox
$ ./src/fedora-toolbox -v create
: 
:
+ uid_plus_one=1001
+ echo './fedora-toolbox: trying to create container fedora-toolbox-petersen:29'
+ podman create --group-add wheel --hostname toolbox --interactive --name fedora-toolbox-petersen:29 --network host --privileged --security-opt label=disable --tmpfs /dev/shm:size=8345511936 --tty --uidmap 1000:0:1 --uidmap 0:1:1000 --uidmap 1001:1001:64536 --volume /home/petersen:/home/petersen --volume /run/user/1000:/run/user/1000 --volume /run/dbus/system_bus_socket:/run/dbus/system_bus_socket --volume /dev/dri:/dev/dri fedora-toolbox-petersen:29 /bin/sh
Trying to pull docker.io/fedora-toolbox-petersen:29...Failed
Trying to pull registry.fedoraproject.org/fedora-toolbox-petersen:29...Failed
:
unable to pull fedora-toolbox-petersen:29: 5 errors occurred:

* Error determining manifest MIME type for docker://fedora-toolbox-petersen:29: Error reading manifest 29 in docker.io/library/fedora-toolbox-petersen: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

* Error determining manifest MIME type for docker://registry.fedoraproject.org/fedora-toolbox-petersen:29: Error reading manifest 29 in registry.fedoraproject.org/fedora-toolbox-petersen: manifest unknown: manifest unknown
: 
+ echo './fedora-toolbox: failed to create container fedora-toolbox-petersen:29'
./fedora-toolbox: failed to create container fedora-toolbox-petersen:29
+ exit 1
+ exit

Anyway this seems to be caused by podman images being different to buildah images or something like that AFAICT...

I guess I need to delete the buildah image or skopeo it back over to podman storage to fix my setup, so while this might be an edge case I think it would be good to handle this missing podman user toolbox image case (after podman rmi the base image etc): I didn't realise the buildah and podman image storage is separate...

However even if I replace buildah inspect with podman inspect, it still fails for me in the same way.

'toolbox enter' fails with unable to find user, no matching entries in passwd file

I just tried to create a toolbox container with the latest version of the script (master); create worked and created the image:

$ podman images
REPOSITORY                                      TAG      IMAGE ID       CREATED              SIZE
localhost/fedora-toolbox-pinhead                30       8a0b8beb4d2e   About a minute ago   556 MB

but when I execute toolbox enter, it fails

$ bin/toolbox -v enter
toolbox: trying to start container fedora-toolbox-pinhead:30
Error: unable to start container "fedora-toolbox-pinhead:30": unable to find user pinhead: no matching entries in passwd file
toolbox: failed to start container fedora-toolbox-pinhead:30

Any help would be appreciated

thanks for your time and help!

Cannot enter toolbox after reboot

Toolbox under non-root was working before rebooting to update Silverblue to current version 29.20190219.0. Now toolbox-enter fails with the following error. It's necessary to remove the toolbox container and then allow toolbox-enter to recreate it.

fedora-toolbox -v enter 
/usr/bin/fedora-toolbox: trying to start container fedora-toolbox-andmalc:29
unable to start container "fedora-toolbox-andmalc:29": unable to find user andmalc: no matching entries in passwd file
/usr/bin/fedora-toolbox: failed to start container fedora-toolbox-andmalc:29

The container does exist:

podman ps --all
CONTAINER ID  IMAGE                                   COMMAND               CREATED     STATUS   PORTS  NAMES
ced84272c801  localhost/fedora-toolbox-andmalc:29     /bin/sh               5 days ago  Created         fedora-toolbox-andmalc:29
podman --version
podman version 1.0.0

buildah --version
buildah version 1.7 (image-spec 1.0.0, runtime-spec 1.0.0)

rpm-ostree status
State: idle
AutomaticUpdates: disabled
Deployments:
● ostree://fedora-atomic-29:fedora/29/x86_64/atomic-host
                   Version: 29.20190219.0 (2019-02-19T04:52:26Z)
                BaseCommit: d00adf110907f93f6cdd05deda0e2878c9bd71c74e0c4c2e9a5250d2f4cc8868
              GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
           LayeredPackages: fedora-toolbox git

  ostree://fedora-atomic-29:fedora/29/x86_64/atomic-host
                   Version: 29.20190219.0 (2019-02-19T04:52:26Z)
                BaseCommit: d00adf110907f93f6cdd05deda0e2878c9bd71c74e0c4c2e9a5250d2f4cc8868
              GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
           LayeredPackages: fedora-toolbox git

Bubblewrap doesn't work inside the toolbox when UID != 0

Here's what happens when you run bwrap when inside the container:

🔹[myates@toolbox buildstream-storeonce]$ bwrap --version
bubblewrap 0.3.1
🔹[myates@toolbox buildstream-storeonce]$ bwrap --help
bwrap: Unexpected capabilities but not setuid, old file caps config?
🔹[myates@toolbox buildstream-storeonce]$ sudo bwrap --help
usage: bwrap [OPTIONS...] [--] COMMAND [ARGS...]

    --help                       Print this help
    --version                    Print version
...

Same results for all other options too.

Is this an issue with rootless containers in podman?

Glitches in an interactive shell spawned via 'podman exec', but not 'podman run', due to the presence of OPOST in the outer PTY and missing ONLCR in the inner PTY

Description of issue

I tried to use vim in tmux in fedora-toolbox container and I have this weird rendering issue.

When I add a newline to a script, every line that should be indented by the smarttab option replaces the line numbers, but in the buffer it is still in the same place.
This is how it looks before I add a new line:
screenshot from 2018-11-09 09-47-35
And this is how it looks after:
screenshot from 2018-11-09 09-47-46

This issue is only happening in tmux; I didn't see this when vim is started outside of tmux.

Versions of components

vim-common-8.1.511-1.fc29.x86_64
tmux-2.8-1.fc29.x86_64
fedora-toolbox commit cf2347f

How to reproduce

  1. ./fedora-toolbox create
  2. ./fedora-toolbox enter
  3. sudo dnf install tmux vim
  4. tmux
  5. vim (some python file)
  6. :set number
  7. :set smarttab
  8. Add new line to file somewhere in the code

Add test suite

The toolbox has grown enough glue on top of Buildah and Podman that it's worth testing them more methodically. The Podman test suite might serve as a decent starting point for researching how such a test suite might look.

setup user: cannot set any additional groups in a rootless container

Hi, great pet container. I am using it on Silverblue 29 beta and CentOS (sudo mode), which I try to treat as immutable.

On an updated clean 29 install I get the following error:

./fedora-toolbox -v enter
unable to start container "fedora-toolbox-gary:29": container create failed: container_linux.go:336: starting container process caused "setup user: cannot set any additional groups in a rootless container"
: internal libpod error
./fedora-toolbox: failed to start container fedora-toolbox-gary:29

The culprit seems to be "--group-add wheel" under the podman create.

sudo doesn't work! (When using 'overlayfs' driver)

[myates@myates-uk-rdlabs-hpecorp-net fedora-toolbox]$ fedora-toolbox create
[myates@myates-uk-rdlabs-hpecorp-net fedora-toolbox]$ fedora-toolbox enter
🔹[myates@toolbox ~]$ sudo -i
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
🔹[myates@toolbox ~]$ logout
[myates@myates-uk-rdlabs-hpecorp-net fedora-toolbox]$ buildah --version
buildah version 1.5 (image-spec 1.0.0, runtime-spec 1.0.0)
[myates@myates-uk-rdlabs-hpecorp-net fedora-toolbox]$ podman --version
podman version 0.10.1.3
[myates@myates-uk-rdlabs-hpecorp-net fedora-toolbox]$ rpm-ostree status --booted
State: idle
AutomaticUpdates: disabled
BootedDeployment:
● ostree://fedora-workstation:fedora/29/x86_64/silverblue
                   Version: 29.20181205.0 (2018-12-05T01:01:39Z)
                BaseCommit: 6b4bc8e81acb50897c493154d09afb6f07da3b2d35a1811ab1f121c4447117c1
              GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
           LayeredPackages: neovim powerline-fonts python2 python3-neovim rpm-build strace the_silver_searcher tmux vim zsh
             LocalPackages: tube-certificates-2.0.0-3.el7.vduos.noarch

Obviously this is a bit of an issue as you can't use dnf without sudo, which makes the toolbox a bit useless.

Error determining manifest MIME type

For whatever reason this doesn’t work. Seems it should instead load the generic image from the registries, or?

● ostree://fedora-workstation:fedora/29/x86_64/silverblue
                   Version: 29.20190122.0 (2019-01-22T00:54:25Z)
                BaseCommit: cc179340ed53393683ead798a381717512f09aa6ad050f9d479ffdd8c0664dc3
              GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
       RemovedBasePackages: gnome-terminal-nautilus-3.30.2-1.fc29.x86_64
                            gnome-classic-session-3.30.1-1.fc29.noarch
                            gnome-shell-extension-places-menu-3.30.1-1.fc29.noarch
                            gnome-terminal-3.30.2-1.fc29.x86_64
                            gnome-shell-extension-apps-menu-3.30.1-1.fc29.noarch
                            gnome-shell-extension-launch-new-instance-3.30.1-1.fc29.noarch
                            gnome-shell-extension-window-list-3.30.1-1.fc29.noarch
                            gnome-shell-extension-alternate-tab-3.30.1-1.fc29.noarch
           LayeredPackages: adapta-gtk-theme aeskulap android-tools baobab bat cheese
                            chromium dconf-editor dnf easytag exa fd-find fedora-toolbox
                            ffmpeg file-roller file-roller-nautilus fuse-exfat git
                            gnome-encfs-manager gnome-logs gnome-tweaks gnome-usage gpick
                            hack-fonts htop iftop julia linux-libertine-biolinum-fonts
                            linux-libertine-fonts mosh neovim powerline-go pv
                            python3-matplotlib ripgrep snapd task tilix tilix-nautilus tmux
                            tokei xenlism-wildfire xenlism-wildfire-midnight youtube-dl zsh
             LocalPackages: rpmfusion-nonfree-release-29-0.5.noarch
                            rpmfusion-free-release-29-0.5.noarch
> fedora-toolbox -v create
error looking up container "fedora-toolbox-frank:29": no container with name or ID fedora-toolbox-frank:29 found: no such container
Trying to pull docker.io/fedora-toolbox-frank:29...Failed
Trying to pull registry.fedoraproject.org/fedora-toolbox-frank:29...Failed
Trying to pull quay.io/fedora-toolbox-frank:29...Failed
Trying to pull registry.access.redhat.com/fedora-toolbox-frank:29...Failed
Trying to pull registry.centos.org/fedora-toolbox-frank:29...Failed
unable to pull fedora-toolbox-frank:29: 5 errors occurred:

* Error determining manifest MIME type for docker://fedora-toolbox-frank:29: Error reading manifest 29 in docker.io/library/fedora-toolbox-frank: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

* Error determining manifest MIME type for docker://registry.fedoraproject.org/fedora-toolbox-frank:29: Error reading manifest 29 in registry.fedoraproject.org/fedora-toolbox-frank: manifest unknown: manifest unknown
* Error determining manifest MIME type for docker://quay.io/fedora-toolbox-frank:29: Error reading manifest 29 in quay.io/fedora-toolbox-frank: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
* Error determining manifest MIME type for docker://registry.access.redhat.com/fedora-toolbox-frank:29: Error reading manifest 29 in registry.access.redhat.com/fedora-toolbox-frank: unknown: Not Found
* Error determining manifest MIME type for docker://registry.centos.org/fedora-toolbox-frank:29: Error reading manifest 29 in registry.centos.org/fedora-toolbox-frank: manifest unknown: manifest unknown
/usr/bin/fedora-toolbox: failed to create container fedora-toolbox-frank:29

And how can I delete everything it installed, so that I can run it from scratch again?

Toolbox container creation fails on Fedora 29 Silverblue

After setting up a clean system with Fedora 29 Silverblue I installed the fedora-toolbox with:

rpm-ostree install fedora-toolbox

This completed successfully. I then tried fedora-toolbox create as my own user, which failed with the output:

/usr/bin/fedora-toolbox: failed to create container fedora-toolbox-bholmes:29

Added -v to give me some more logs:

fedora-toolbox -v create
/usr/bin/fedora-toolbox: checking if image fedora-toolbox-bholmes:29 already exists
/usr/bin/fedora-toolbox: checking if container fedora-toolbox-bholmes:29 already exists
error looking up container "fedora-toolbox-bholmes:29": no container with name or ID fedora-toolbox-bholmes:29 found: no such container
/usr/bin/fedora-toolbox: trying to create container fedora-toolbox-bholmes:29
Trying to pull docker.io/fedora-toolbox-bholmes:29...Failed
Trying to pull registry.fedoraproject.org/fedora-toolbox-bholmes:29...Failed
Trying to pull quay.io/fedora-toolbox-bholmes:29...Failed
Trying to pull registry.access.redhat.com/fedora-toolbox-bholmes:29...Failed
Trying to pull registry.centos.org/fedora-toolbox-bholmes:29...Failed
unable to pull fedora-toolbox-bholmes:29: 5 errors occurred:

* Error determining manifest MIME type for docker://fedora-toolbox-bholmes:29: Error reading manifest 29 in docker.io/library/fedora-toolbox-bholmes: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

* Error determining manifest MIME type for docker://registry.fedoraproject.org/fedora-toolbox-bholmes:29: Error reading manifest 29 in registry.fedoraproject.org/fedora-toolbox-bholmes: manifest unknown: manifest unknown
* Error determining manifest MIME type for docker://quay.io/fedora-toolbox-bholmes:29: Error reading manifest 29 in quay.io/fedora-toolbox-bholmes: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
* Error determining manifest MIME type for docker://registry.access.redhat.com/fedora-toolbox-bholmes:29: Error reading manifest 29 in registry.access.redhat.com/fedora-toolbox-bholmes: unknown: Not Found
* Error determining manifest MIME type for docker://registry.centos.org/fedora-toolbox-bholmes:29: Error reading manifest 29 in registry.centos.org/fedora-toolbox-bholmes: manifest unknown: manifest unknown
/usr/bin/fedora-toolbox: failed to create container fedora-toolbox-bholmes:29

Version info:

podman --version
podman version 1.0.0

runc --version
runc version 1.0.0-rc6+dev
commit: d164d9b08bf7fc96a931403507dd16bced11b865
spec: 1.0.1-dev

This doesn't look healthy. Any thoughts?

Project Logo

Apparently no project is taken seriously before it has a logo. Let's figure that one out.

Not using shell set in /etc/passwd

fedora-toolbox always starts with /bin/bash instead of the shell that is set for the user in /etc/passwd

In my case, I have this in /etc/passwd

zlopez:x:1000:1000::/home/zlopez:/usr/bin/fish

And I have fish installed in fedora-toolbox, but it always starts with /bin/bash instead.

I noticed that even the tmux inside is starting /bin/bash instead of /usr/bin/fish.

Don't mount /sys/fs/selinux in rootless mode

Fedora SilverBlue 29, updated yesterday:

rpm -ivh foo.rpm
Error: Plugin selinux: hook tsm_pre failed" when using rpm -ivh

It seems to be testing for:

openat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts.subs_dist", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts.subs", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/etc/selinux/targeted/contexts/files/file_contexts", 0x7ffe6d43ab28) = -1 ENOENT (No such file or directory)
stat("/etc/selinux/targeted/contexts/files/file_contexts.bin", 0x7ffe6d43abc0) = -1 ENOENT (No such file or directory)

i.e. /etc/selinux/targeted/ exists outside the toolbox, but not inside

🔹[hughsie@toolbox build]$ getenforce 
Enforcing

So perhaps rpm thinks that the policy is enforcing (and so the plugin runs) but then the plugin can't find anything it needs? Although, using setenforce 0 outside the toolbox makes the toolbox show as "Permissive", and the rpm inside the toolbox still fails.

shm_open doesn't work

Hi,
when I run a playbook inside the fedora-toolbox created container it returns the following error:
ERROR! Unable to use multiprocessing, this is normally caused by lack of access to /dev/shm: [Errno 30] Read-only file system

error looking up container; but `fedora-toolbox enter` is successful

I nuked my rootless local storage after reading through #25, but when I tried creating my toolbox container (as my normal user), it bombed out with an error:

$ ./fedora-toolbox -v create
error reading image "fedora-toolbox-miabbott:29": error reading image: error locating image "fedora-toolbox-miabbott:29" for importing settings: error locating image with name "fedora-toolbox-miabbott:29": image
 not known          
ERRO[0000] exit status 1                                                        
Error determining manifest MIME type for docker://localhost/fedora-toolbox:29: pinging docker registry returned: Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused
ERRO[0000] exit status 1                                                                                                                                                                                          
Getting image source signatures                                                              
Copying blob sha256:af19ce19de5ee70d1ca852c65f9927fab6ba09de2864af2acdf18d60774bffbd
 85.70 MiB / 85.70 MiB [====================================================] 5s
Copying blob sha256:6df1bfffa76ae08ebcb61de2ae28fbf5f8a84079b6cb316d095cdf4cb5e2bdbb
 182.56 MiB / 182.56 MiB [================================================] 1m1s
Copying config sha256:032b427fbbf72ac22336638af319ef989a2b99e038ca087743c132ab71445ed8
 2.69 KiB / 2.69 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
passwd: Note: deleting a password also unlocks the password.
passwd: Note: deleting a password also unlocks the password.
Getting image source signatures
Skipping fetch of repeat blob sha256:8080f9aa6262000ad12d3d7e55331d275d412faa730b75c41bbf444b4ce056e9
Skipping fetch of repeat blob sha256:d399ea65472cbad41d640ec2a09724c2f11ac7fa52636b6cec6905e8fa490865
Copying blob sha256:fb9af836eab0e2933b376e69cda60a76db99aa9670a294063a116c0d40d91288
 1.93 KiB / 1.93 KiB [======================================================] 0s
Copying config sha256:ac2ab0fa9a697507d0a37fd7012394a532e5fb3c6cbaf2b22a5a5f953fce9304
 1.45 KiB / 1.45 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
error looking up container "fedora-toolbox-miabbott:29": no container with name or ID fedora-toolbox-miabbott:29 found: no such container

However, buildah and podman report the image and container being present.

$ buildah images -a                                                                                                                             
IMAGE NAME                                               IMAGE TAG            IMAGE ID             CREATED AT             SIZE                                                                                    
registry.fedoraproject.org/f29/fedora-toolbox            29                   032b427fbbf7         Sep 27, 2018 06:47     578 MB                                                                                  
localhost/fedora-toolbox-miabbott                        29                   ac2ab0fa9a69         Jan 9, 2019 16:14      578 MB                                                                                  
$ podman images -a
REPOSITORY                                      TAG   IMAGE ID       CREATED              SIZE
localhost/fedora-toolbox-miabbott               29    ac2ab0fa9a69   About a minute ago   578 MB
registry.fedoraproject.org/f29/fedora-toolbox   29    032b427fbbf7   3 months ago         578 MB
$ buildah containers -a
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
dc880a9a9a95           ac2ab0fa9a69 localhost/fedora-toolbox-miabbott:29 fedora-toolbox-miabbott:29

$ podman ps -a
CONTAINER ID  IMAGE                                 COMMAND  CREATED             STATUS   PORTS  NAMES
dc880a9a9a95  localhost/fedora-toolbox-miabbott:29  /bin/sh  About a minute ago  Created         fedora-toolbox-miabbott:29

And fedora-toolbox enter was successful:

$ ./fedora-toolbox -v enter
[miabbott@toolbox (container) ~ ]$

A Docker image on dockerhub for Fedora Toolbox

I'm in need of a Docker image that would allow a user to provision some content in the container without being allowed to use sudo. It really looks like fedora-toolbox is what I'm looking for!
Would it be possible to publish a Docker image on Docker Hub with fedora-toolbox installed (and maybe even started)?

Some Nmap options do not work inside toolbox container

🔹[ezakharov@toolbox ~]$ nmap -v -sS -A -p 1-1024 192.168.0.0/24
You requested a scan type which requires root privileges.
QUITTING!
🔹[ezakharov@toolbox ~]$ sudo nmap -v -sS -A -p 1-1024 192.168.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 20:57 UTC
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:57
Completed NSE at 20:57, 0.00s elapsed
Initiating NSE at 20:57
Completed NSE at 20:57, 0.00s elapsed
Initiating ARP Ping Scan at 20:57
dnet: Failed to open device enp4s0
QUITTING!

Is there anything I can do about it? I don't want to bring nmap into my base image...
