running podman within a toolbox

[jonleivent]

Is your feature request related to a problem? Please describe. It should be possible to run podman within a toolbox. Currently (toolbox 0.0.99.3, podman 4.1.1), after sudo dnf install podman in a fedora-toolbox:36 toolbox, I get this:

⬢[user@toolbox user]$ podman images
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
ERRO[0000] cannot find UID/GID for user user: no subuid ranges found for user "user" in /etc/subuid - check rootless mode in man pages.
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user
ERRO[0000] invalid internal status, try resetting the pause process with "podman system migrate": cannot re-exec process to join the existing user namespace

Describe the solution you'd like I'd like all podman commands to work in the toolbox just as well as outside. Consider the case of scripts mixing podman run containerized apps with normally (dnf) installed apps within the toolbox. In this case (unlike the podman images example above), one can't merely issue the podman command outside the toolbox in another terminal.

Note also: https://www.redhat.com/sysadmin/podman-inside-container

Describe alternatives you've considered I'm still working through what development entirely within a toolbox would look like. I can probably work around my issue by always running podman outside toolbox, but then mixing podman commands with applications that are only installed within the toolbox becomes a bit more difficult. I guess the alternative here is for each command I need to run in the same environment as podman that corresponds to an application available in my toolbox environment, I need to create some alias based on toolbox run. So, in my example below, python3 is only installed in the toolbox, but needed within a script that also needs podman run. So I will do: alias python3='toolbox run python3' outside the toolbox, which will of course result in slower python invocations.

Is there a way instead of launching a command from within a toolbox that runs outside? In that case, I'd alias podman to that within the toolbox.

BTW: what is a preferred way to conditionalize between within toolbox vs. not for my .bashrc so I can set any such aliases only in one place and not the other? Just conditionalize on hostname == toolbox, I guess?

Additional context My current project is starting with only Fedora CoreOS, podman and toolbox (which come installed), with everything else containerized, create a fully functioning desktop by using x11docker-xserver and x11docker-kde-plasma docker images. The end result would resemble Kinoite, but with very different security and update modularity, both of which are my goals. However, the x11docker bash script needs python as well as the ability to call podman run. But CoreOS does not have python. I know I can rpm-ostree install it, but that defeats the everything-but-CoreOS-is-containerized goal.

[akdev1l]

You can use podman --remote - you'll need to enable the podman socket for it to work.

systemctl --user enable --now podman.sock

[maxtorete]

Thanks @akdev1l , it works for me, just have to change it to:

systemctl --user enable --now podman.socket

[debarshiray]

Duplicate of https://github.com/containers/toolbox/issues/145

[debarshiray]

I guess the alternative here is for each command I need to run in the same environment as podman that corresponds to an application available in my toolbox environment, I need to create some alias based on toolbox run. So, in my example below, python3 is only installed in the toolbox, but needed within a script that also needs podman run. So I will do: alias python3='toolbox run python3' outside the toolbox, which will of course result in slower python invocations.

Yes, that's one way to do it. You run the top-level scripts on the host, and install toolbox run aliases or wrappers on the host for the commands that need to run inside the Toolbx container.

Is there a way instead of launching a command from within a toolbox that runs outside?

Yes, there is: flatpak-spawn --host ...

Toolbx itself uses it. You can run most of the Toolbx commands inside a container. :)

In that case, I'd alias podman to that within the toolbox.

Yes, that's the plan in https://github.com/containers/toolbox/issues/145 We want to provide out of the box wrappers inside the Toolbx containers for the most common commands that really must always run on the hosts.

[debarshiray]

what is a preferred way to conditionalize between within toolbox vs. not for my .bashrc so I can set any such aliases only in one place and not the other? Just conditionalize on hostname == toolbox, I guess?

The best way to do that is to check for the /run/.toolboxenv file. There's also the more generic /run/.containerenv for Podman containers. The /etc/profile.d/toolbox.sh snippet uses them.

[debarshiray]

My current project is starting with only Fedora CoreOS, podman and toolbox (which come installed), with everything else containerized, create a fully functioning desktop by using x11docker-xserver and x11docker-kde-plasma docker images.

This sounds like a very interesting project. Good luck with it, and thanks for your interest in Toolbx!