58134f8497
These tests assume that the group and user information on the host operating system can be provided by different plugins for the GNU Name Service Switch (or NSS) functionality of the GNU C Library. eg., on enterprise FreeIPA set-ups. However, it's expected that everything inside the Toolbx container will be provided by /etc/group, /etc/passwd, /etc/shadow, etc.. While /etc/group and /etc/passwd can be read by any user, /etc/shadow can only be read by root. However, it's awkward to use sudo(8) in the test cases involving /etc/shadow, because they ensure that root and $USER don't need passwords to authenticate inside the container, and sudo(8) itself depends on that. If sudo(8) is used, the test suite can behave unexpectedly if Toolbx didn't set up the container correctly. eg., it can get blocked waiting for a password. Hence, 'podman unshare' is used instead to enter the container's initial user namespace, where $USER from the host appears as root. This is sufficient because the test cases only need to read /etc/shadow inside the Toolbx container. https://github.com/containers/toolbox/pull/1355 |
||
|---|---|---|
| .github | ||
| data | ||
| doc | ||
| images | ||
| playbooks | ||
| profile.d | ||
| src | ||
| test | ||
| .codespellexcludefile | ||
| .gitignore | ||
| .gitmodules | ||
| .mailmap | ||
| .zuul.yaml | ||
| CODE-OF-CONDUCT.md | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| gen-docs-list | ||
| GOALS.md | ||
| meson.build | ||
| meson_options.txt | ||
| meson_post_install.py | ||
| NEWS | ||
| README.md | ||
| SECURITY.md | ||
| toolbox | ||
Toolbox is a tool for Linux, which allows the use of interactive command line environments for development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI.
Toolbox environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc..
This is particularly useful on OSTree based operating systems like Fedora CoreOS and Silverblue. The intention of these systems is to discourage installation of software on the host, and instead install software as (or in) containers — they mostly don't even have package managers like DNF or YUM. This makes it difficult to set up a development environment or troubleshoot the operating system in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do yum install ansible
without affecting the base operating system.
However, this tool doesn't require using an OSTree based system. It works equally well on Fedora Workstation and Server, and that's a useful way to incrementally adopt containerization.
The toolbox environment is based on an OCI
image. On Fedora this is the fedora-toolbox image. This image is used to
create a toolbox container that offers the interactive command line
environment.
Note that Toolbox makes no promise about security beyond what's already available in the usual command line environment on the host that everybody is familiar with.
Installation & Use
See our guides on installing & getting started with Toolbox and Linux distro support.