Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Toolbox #96115

Closed
tijolao opened this issue Aug 23, 2020 · 17 comments · Fixed by #203904
Closed

Toolbox #96115

tijolao opened this issue Aug 23, 2020 · 17 comments · Fixed by #203904
Labels
0.kind: packaging request Request for a new package to be added 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md

Comments

@tijolao
Copy link

tijolao commented Aug 23, 2020

Project description

It's a tool to create pet-container using Podman. The container is fully mutable and maps your user home to the container.

Metadata

@tijolao tijolao added the 0.kind: packaging request Request for a new package to be added label Aug 23, 2020
@zowoq
Copy link
Contributor

zowoq commented Aug 24, 2020

I took a brief look at this a couple of months ago after it was rewritten in go. I'll post what I had if I can find it.

It uses meson/ninja as a build system which makes it kind of non-standard and a bit awkward to package compared to other go projects, might be easier to skip it and specify the build/install phases manually.

IIRC it also needed completion/profile.d paths to be patched in, had issues trying to mount other paths on NixOS and it wanted flatpak for some reason.

@mt-caret
Copy link
Contributor

mt-caret commented Nov 7, 2020

I also took a shot at getting toolbox working a while back, and wrote a nix expression for building the package, but decided to try it out when podman is rolled out in a stable NixOS channel. Now that 20.09 is released, I'm trying it out but I get cryptic errors like the following:

$ toolbox enter -v
level=debug msg="Running as real user ID 1000"
level=debug msg="Resolved absolute path to the executable as /nix/store/cnddgykvpjnh8a742vl8hcqr459ji0s6-toolbox-0.0.97/bin/toolbox"
level=debug msg="Running on a cgroups v1 host"
level=debug msg="Checking if /etc/subgid and /etc/subuid have entries for user delta"
level=debug msg="TOOLBOX_PATH is /nix/store/cnddgykvpjnh8a742vl8hcqr459ji0s6-toolbox-0.0.97/bin/toolbox"
level=debug msg="Toolbox config directory is /home/delta/.config/toolbox"
level=debug msg="Current Podman version is 2.1.1"
level=debug msg="Old Podman version is 2.1.1"
level=debug msg="Migration not needed: Podman version 2.1.1 is unchanged"
level=debug msg="Resolving container and image names"
level=debug msg="Container: ''"
level=debug msg="Image: ''"
level=debug msg="Release: ''"
level=debug msg="Resolved container and image names"
level=debug msg="Container: 'fedora-toolbox-31'"
level=debug msg="Image: 'fedora-toolbox:31'"
level=debug msg="Release: '31'"
level=debug msg="Checking if container fedora-toolbox-31 exists"
level=debug msg="Container fedora-toolbox-31 not found"
level=debug msg="Fetching containers with label=com.redhat.component=fedora-toolbox"
level=debug msg="Fetching containers with label=com.github.debarshiray.toolbox=true"
level=debug msg="Found 1 containers"
Error: container fedora-toolbox-31 not found
Entering container fedora-toolbox-30 instead.
Use the 'create' command to create a different toolbox.
Run 'toolbox --help' for usage.
level=debug msg="Inspecting mounts of container fedora-toolbox-30"
level=debug msg="Requires org.freedesktop.Flatpak.SessionHelper"
level=debug msg="Calling org.freedesktop.Flatpak.SessionHelper.RequestSession"
level=debug msg="Starting container fedora-toolbox-30"
level=debug msg="Inspecting entry point of container fedora-toolbox-30"
level=debug msg="Entry point PID is a float64"
level=debug msg="Entry point of container fedora-toolbox-30 is toolbox (PID=0)"
Error: invalid entry point PID of container fedora-toolbox-30

I might look into this further when I get the time, but people are welcome to look into this issue to try and fix it. Meanwhile, here's the nix expression to build it: https://github.com/mt-caret/nix-config/blob/55ca5a343feec9c0cdef9d6a035ac9e99d1d0208/packages/toolbox.nix
Note that in order to use toolbox on NixOS, you seem to need the following config:

{
  virtualisation.podman.enable = true;
  services.flatpak.enable = true;
  xdg.portal.enable = true;
}

People seem to be against usage of buildGoModule (see #84826), so if people are interested in seeing this in nixpkgs, someone probably needs to port this to buildGoPackage.

@tfmoraes
Copy link
Contributor

tfmoraes commented Nov 7, 2020

Hi @mt-caret ,

I modified a little your nix expression https://github.com/tfmoraes/nixoscfg/blob/main/overlays/pkgs/toolbox/default.nix

I added a patch to check if /mtn exists (it not exists in my system for instance). I also changed to copy profile.d/toolbox.sh to $out/share/profile.d/toolbox.sh and it's mapping this file inside the container.

I'm having the same error. So I tried to start the container using podman, this way:

❯ podman start  --interactive  -a  fedora-toolbox-33                                                                                                                                                        
WARN[0000] cannot toggle freezer: cgroups not configured for container 
WARN[0000] lstat : no such file or directory            
standard_init_linux.go:219: exec user process caused: no such file or directory

Maybe the problem now is because o cgroups. I don't now.

@mjlbach
Copy link
Contributor

mjlbach commented Jan 22, 2021

I had to submit an upstream patch to fix an error introduced in newer builds with ownership of the toolboxRuntimeDirectory. I think this would be good to have, so I'm interested in carrying on the work. I was able to build toolbox (thanks for the derivation). The biggest issue seems to be this. Trying to start a container with toolbox enter yields:

DEBU[0000] Called inspect.PersistentPostRunE(/nix/store/h9was55f3ir6b2sq5vc96cpgns3qbfz0-podman-2.2.1/bin/podman --log-level debug inspect --format json --type container fedora-toolbox-32)
DEBU Entry point PID is a float64
DEBU Entry point of container fedora-toolbox-32 is toolbox (PID=0)
Error: invalid entry point PID of container fedora-toolbox-32

See this issue. Seems that the reported issue occured when host and container glibc don't match. The toolbox binary gets bind-mounted into the fedora container, which may cause issues without the requisite store paths also being mounted. See:

❯ ldd result/bin/toolbox
        linux-vdso.so.1 (0x00007ffe153a4000)
        libpthread.so.0 => /nix/store/m0xa5bz7vw7p43wi0jppvvi3c9vgqvp7-glibc-2.32-25/lib/libpthread.so.0 (0x00007ff8308a5000)
        libc.so.6 => /nix/store/m0xa5bz7vw7p43wi0jppvvi3c9vgqvp7-glibc-2.32-25/lib/libc.so.6 (0x00007ff8306e4000)
        /nix/store/m0xa5bz7vw7p43wi0jppvvi3c9vgqvp7-glibc-2.32-25/lib/ld-linux-x86-64.so.2 => /nix/store/m0xa5bz7vw7p43wi0jppvvi3c9vgqvp7-glibc-2.32-25/lib64/ld-linux-x86-64.so.2 (0x00007ff8308c8000)

Toolbox is kinda leaky by design, so this might be a problem.

Container info WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument DEBU[0000] using runtime "/nix/store/jkg2hzkxc2g05gsbpkb8sybh34j78syh-nvidia-podman/bin/nvidia-container-runtime" INFO[0000] Setting parallel job count to 73
[
    {
        "Id": "fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a",
        "Created": "2021-01-22T03:33:27.544087095-08:00",
        "Path": "toolbox",
        "Args": [
            "--verbose",
            "init-container",
            "--home",
            "/home/mjlbach",
            "--monitor-host",
            "--shell",
            "/run/current-system/sw/bin/zsh",
            "--uid",
            "1000",
            "--gid",
            "100",
            "--user",
            "mjlbach"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "stopped",
            "Running": false,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 1,
            "Error": "",
            "StartedAt": "2021-01-22T03:41:30.600521954-08:00",
            "FinishedAt": "2021-01-22T03:41:30.617938105-08:00",
            "Healthcheck": {
                "Status": "",
                "FailingStreak": 0,
                "Log": null
            }
        },
        "Image": "6dcef5596ab1eec012378821968e0b738694b4b512310bb0899aa179f6906393",
        "ImageName": "registry.fedoraproject.org/f32/fedora-toolbox:32",
        "Rootfs": "",
        "Pod": "",
        "ResolvConfPath": "",
        "HostnamePath": "/run/user/1000/containers/overlay-containers/fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a/userdata/hostname",
        "HostsPath": "",
        "StaticDir": "/home/mjlbach/.local/share/containers/storage/overlay-containers/fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a/userdata",
        "OCIConfigPath": "/home/mjlbach/.local/share/containers/storage/overlay-containers/fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a/userdata/config.json",
        "OCIRuntime": "crun",
        "LogPath": "/home/mjlbach/.local/share/containers/storage/overlay-containers/fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a/userdata/ctr.log",
        "LogTag": "",
        "ConmonPidFile": "/run/user/1000/containers/overlay-containers/fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a/userdata/conmon.pid",
        "Name": "fedora-toolbox-32",
        "RestartCount": 0,
        "Driver": "overlay",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "EffectiveCaps": [
            "CAP_CHOWN",
            "CAP_DAC_OVERRIDE",
            "CAP_DAC_READ_SEARCH",
            "CAP_FOWNER",
            "CAP_FSETID",
            "CAP_KILL",
            "CAP_SETGID",
            "CAP_SETUID",
            "CAP_SETPCAP",
            "CAP_LINUX_IMMUTABLE",
            "CAP_NET_BIND_SERVICE",
            "CAP_NET_BROADCAST",
            "CAP_NET_ADMIN",
            "CAP_NET_RAW",
            "CAP_IPC_LOCK",
            "CAP_IPC_OWNER",
            "CAP_SYS_MODULE",
            "CAP_SYS_RAWIO",
            "CAP_SYS_CHROOT",
            "CAP_SYS_PTRACE",
            "CAP_SYS_PACCT",
            "CAP_SYS_ADMIN",
            "CAP_SYS_BOOT",
            "CAP_SYS_NICE",
            "CAP_SYS_RESOURCE",
            "CAP_SYS_TIME",
            "CAP_SYS_TTY_CONFIG",
            "CAP_MKNOD",
            "CAP_LEASE",
            "CAP_AUDIT_WRITE",
            "CAP_AUDIT_CONTROL",
            "CAP_SETFCAP",
            "CAP_MAC_OVERRIDE",
            "CAP_MAC_ADMIN",
            "CAP_SYSLOG",
            "CAP_WAKE_ALARM",
            "CAP_BLOCK_SUSPEND",
            "CAP_AUDIT_READ"
        ],
        "BoundingCaps": [
            "CAP_CHOWN",
            "CAP_DAC_OVERRIDE",
            "CAP_DAC_READ_SEARCH",
            "CAP_FOWNER",
            "CAP_FSETID",
            "CAP_KILL",
            "CAP_SETGID",
            "CAP_SETUID",
            "CAP_SETPCAP",
            "CAP_LINUX_IMMUTABLE",
            "CAP_NET_BIND_SERVICE",
            "CAP_NET_BROADCAST",
            "CAP_NET_ADMIN",
            "CAP_NET_RAW",
            "CAP_IPC_LOCK",
            "CAP_IPC_OWNER",
            "CAP_SYS_MODULE",
            "CAP_SYS_RAWIO",
            "CAP_SYS_CHROOT",
            "CAP_SYS_PTRACE",
            "CAP_SYS_PACCT",
            "CAP_SYS_ADMIN",
            "CAP_SYS_BOOT",
            "CAP_SYS_NICE",
            "CAP_SYS_RESOURCE",
            "CAP_SYS_TIME",
            "CAP_SYS_TTY_CONFIG",
            "CAP_MKNOD",
            "CAP_LEASE",
            "CAP_AUDIT_WRITE",
            "CAP_AUDIT_CONTROL",
            "CAP_SETFCAP",
            "CAP_MAC_OVERRIDE",
            "CAP_MAC_ADMIN",
            "CAP_SYSLOG",
            "CAP_WAKE_ALARM",
            "CAP_BLOCK_SUSPEND",
            "CAP_AUDIT_READ"
        ],
        "ExecIDs": [],
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/home/mjlbach/.local/share/containers/storage/overlay/e4757ef5d0661af142ff70917ba0cc2784155884ae9c2559585ecc4588da3f00/diff:/home/mjlbach/.local/share/containers/storage/overlay/620a2d2ba9748f7be5570f83c3c8292c77896c813e96a16f4cd949f77e608917/diff",
                "MergedDir": "/home/mjlbach/.local/share/containers/storage/overlay/7f2e7730db721e078c4f9ede7d5f31bd3206a64104e56bf51dac402d7b25da92/merged",
                "UpperDir": "/home/mjlbach/.local/share/containers/storage/overlay/7f2e7730db721e078c4f9ede7d5f31bd3206a64104e56bf51dac402d7b25da92/diff",
                "WorkDir": "/home/mjlbach/.local/share/containers/storage/overlay/7f2e7730db721e078c4f9ede7d5f31bd3206a64104e56bf51dac402d7b25da92/work"
            }
        },
        "Mounts": [
            {
                "Type": "bind",
                "Name": "",
                "Source": "/home/mjlbach",
                "Destination": "/home/mjlbach",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/bin/toolbox",
                "Destination": "/usr/bin/toolbox",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "devpts",
                "Destination": "/dev/pts",
                "Driver": "",
                "Mode": "",
                "Options": [],
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/etc",
                "Destination": "/run/host/etc",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/run/user/1000",
                "Destination": "/run/user/1000",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "nosuid",
                    "nodev",
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/mnt",
                "Destination": "/mnt",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/var",
                "Destination": "/run/host/var",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/run/dbus/system_bus_socket",
                "Destination": "/run/dbus/system_bus_socket",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "nosuid",
                    "nodev",
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/dev",
                "Destination": "/dev",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "nosuid",
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/tmp",
                "Destination": "/run/host/tmp",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/usr",
                "Destination": "/run/host/usr",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/run",
                "Destination": "/run/host/run",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "nosuid",
                    "nodev",
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/share/profile.d/toolbox.sh",
                "Destination": "/etc/profile.d/toolbox.sh",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/boot",
                "Destination": "/run/host/boot",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rslave"
            }
        ],
        "Dependencies": [],
        "NetworkSettings": {
            "EndpointID": "",
            "Gateway": "",
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "",
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": ""
        },
        "ExitCommand": [
            "/nix/store/h9was55f3ir6b2sq5vc96cpgns3qbfz0-podman-2.2.1/bin/podman",
            "--root",
            "/home/mjlbach/.local/share/containers/storage",
            "--runroot",
            "/run/user/1000/containers",
            "--log-level",
            "debug",
            "--cgroup-manager",
            "systemd",
            "--tmpdir",
            "/run/user/1000/libpod/tmp",
            "--runtime",
            "crun",
            "--storage-driver",
            "overlay",
            "--storage-opt",
            "overlay.mount_program=/nix/store/20jvr53d44d5rxvmicank0hvhfdnf04x-fuse-overlayfs-1.3.0/bin/fuse-overlayfs",
            "--events-backend",
            "journald",
            "--syslog",
            "container",
            "cleanup",
            "fcb973b8961aea2c5baa0bf29adaadd07642bfe3c86786c440a7acf099f7a95a"
        ],
        "Namespace": "",
        "IsInfra": false,
        "Config": {
            "Hostname": "toolbox",
            "Domainname": "",
            "User": "root:root",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=oci",
                "NAME=fedora-toolbox",
                "FGC=f32",
                "TOOLBOX_PATH=/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/bin/toolbox",
                "VERSION=32",
                "DISTTAG=f32container",
                "XDG_RUNTIME_DIR=/run/user/1000",
                "HOSTNAME=toolbox",
                "HOME=/root"
            ],
            "Cmd": [
                "toolbox",
                "--verbose",
                "init-container",
                "--home",
                "/home/mjlbach",
                "--monitor-host",
                "--shell",
                "/run/current-system/sw/bin/zsh",
                "--uid",
                "1000",
                "--gid",
                "100",
                "--user",
                "mjlbach"
            ],
            "Image": "registry.fedoraproject.org/f32/fedora-toolbox:32",
            "Volumes": null,
            "WorkingDir": "/",
            "Entrypoint": "",
            "OnBuild": null,
            "Labels": {
                "architecture": "x86_64",
                "authoritative-source-url": "registry.fedoraproject.org",
                "build-date": "2021-01-03T16:01:04.882478",
                "com.github.containers.toolbox": "true",
                "com.github.debarshiray.toolbox": "true",
                "com.redhat.build-host": "osbs-node02.iad2.fedoraproject.org",
                "com.redhat.component": "fedora-toolbox",
                "distribution-scope": "public",
                "license": "MIT",
                "maintainer": "Debarshi Ray \u003crishi@fedoraproject.org\u003e",
                "name": "f32/fedora-toolbox",
                "release": "10",
                "summary": "Base image for creating Fedora toolbox containers",
                "usage": "This image is meant to be used with the toolbox command",
                "vcs-ref": "d642b9f32a96b43d5e12c53b6faff94c9d892e99",
                "vcs-type": "git",
                "vendor": "Fedora Project",
                "version": "32"
            },
            "Annotations": {
                "io.container.manager": "libpod",
                "io.kubernetes.cri-o.Created": "2021-01-22T03:33:27.544087095-08:00",
                "io.kubernetes.cri-o.TTY": "false",
                "io.podman.annotations.autoremove": "FALSE",
                "io.podman.annotations.init": "FALSE",
                "io.podman.annotations.label": "disable",
                "io.podman.annotations.privileged": "TRUE",
                "io.podman.annotations.publish-all": "FALSE",
                "org.opencontainers.image.stopSignal": "15"
            },
            "StopSignal": 15,
            "CreateCommand": [
                "/nix/store/h9was55f3ir6b2sq5vc96cpgns3qbfz0-podman-2.2.1/bin/podman",
                "--log-level",
                "debug",
                "create",
                "--dns",
                "none",
                "--env",
                "TOOLBOX_PATH=/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/bin/toolbox",
                "--env",
                "XDG_RUNTIME_DIR=/run/user/1000",
                "--hostname",
                "toolbox",
                "--ipc",
                "host",
                "--label",
                "com.github.containers.toolbox=true",
                "--label",
                "com.github.debarshiray.toolbox=true",
                "--mount",
                "type=devpts,destination=/dev/pts",
                "--name",
                "fedora-toolbox-32",
                "--network",
                "host",
                "--no-hosts",
                "--pid",
                "host",
                "--privileged",
                "--security-opt",
                "label=disable",
                "--ulimit",
                "host",
                "--userns",
                "keep-id",
                "--user",
                "root:root",
                "--volume",
                "/boot:/run/host/boot:rslave",
                "--volume",
                "/etc:/run/host/etc",
                "--volume",
                "/dev:/dev:rslave",
                "--volume",
                "/run:/run/host/run:rslave",
                "--volume",
                "/tmp:/run/host/tmp:rslave",
                "--volume",
                "/var:/run/host/var:rslave",
                "--volume",
                "/run/dbus/system_bus_socket:/run/dbus/system_bus_socket",
                "--volume",
                "/home/mjlbach:/home/mjlbach:rslave",
                "--volume",
                "/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/bin/toolbox:/usr/bin/toolbox:ro",
                "--volume",
                "/usr:/run/host/usr:rw,rslave",
                "--volume",
                "/run/user/1000:/run/user/1000",
                "--volume",
                "/mnt:/mnt:rslave",
                "--volume",
                "/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/share/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro",
                "registry.fedoraproject.org/f32/fedora-toolbox:32",
                "toolbox",
                "--verbose",
                "init-container",
                "--home",
                "/home/mjlbach",
                "--monitor-host",
                "--shell",
                "/run/current-system/sw/bin/zsh",
                "--uid",
                "1000",
                "--gid",
                "100",
                "--user",
                "mjlbach"
            ],
            "Umask": "0022"
        },
        "HostConfig": {
            "Binds": [
                "/home/mjlbach:/home/mjlbach:rslave,rw,rbind",
                "/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/bin/toolbox:/usr/bin/toolbox:ro,rprivate,rbind",
                "devpts:/dev/pts",
                "/etc:/run/host/etc:rw,rprivate,rbind",
                "/run/user/1000:/run/user/1000:rw,rprivate,nosuid,nodev,rbind",
                "/mnt:/mnt:rslave,rw,rbind",
                "/var:/run/host/var:rslave,rw,rbind",
                "/run/dbus/system_bus_socket:/run/dbus/system_bus_socket:rw,rprivate,nosuid,nodev,rbind",
                "/dev:/dev:rslave,rw,nosuid,rbind",
                "/tmp:/run/host/tmp:rslave,rw,rbind",
                "/usr:/run/host/usr:rw,rslave,rbind",
                "/run:/run/host/run:rslave,rw,nosuid,nodev,rbind",
                "/nix/store/m5q4fvvdmdw6vw32kppimj4j5lv3njib-toolbox-0.0.99/share/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro,rprivate,rbind",
                "/boot:/run/host/boot:rslave,rw,rbind"
            ],
            "CgroupManager": "systemd",
            "CgroupMode": "private",
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "k8s-file",
                "Config": null
            },
            "NetworkMode": "host",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": [],
            "CapDrop": [],
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": [],
            "GroupAdd": [],
            "IpcMode": "host",
            "Cgroup": "",
            "Cgroups": "default",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "host",
            "Privileged": true,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "label=disable"
            ],
            "Tmpfs": {},
            "UTSMode": "private",
            "UsernsMode": "private",
            "ShmSize": 65536000,
            "Runtime": "oci",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "user.slice",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": 0,
            "OomKillDisable": false,
            "PidsLimit": 2048,
            "Ulimits": [],
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "CgroupConf": null
        }
    }
]

DEBU[0000] Called inspect.PersistentPostRunE(/nix/store/h9was55f3ir6b2sq5vc96cpgns3qbfz0-podman-2.2.1/bin/podman --log-level debug inspect --format json --type container fedora-tool

@mjlbach
Copy link
Contributor

mjlbach commented Jan 22, 2021

I have it running! Hello from vim installed via dnf. It's blocked by my upstream patch which you can follow here: containers/toolbox#675
Screen Shot 2021-01-22 at 4 20 05 AM
Screen Shot 2021-01-22 at 4 21 13 AM

@mjlbach mjlbach mentioned this issue Jan 22, 2021
10 tasks
@tfmoraes
Copy link
Contributor

That's great @mjlbach!!! I think toolbox is a great tool to have in NixOS.

@mjlbach
Copy link
Contributor

mjlbach commented Jan 22, 2021

Agreed! Please test the PR if you have time :) Thanks for your work!

#110473

@debarshiray
Copy link

Very happy to see your interest in Toolbox!

it wanted flatpak for some reason.

I just wanted to point out that Toolbox doesn't actually need Flatpak proper. It's just the flatpak-session-helper daemon which is a D-Bus session service that comes from flatpak.git but is completely separate from the rest of Flatpak. In fact, in Fedora, we ship it is a separate isolated sub-package. The purpose behind this daemon is to keep certain configuration files in the container's /etc synchronized with their counterparts in the host. eg., /etc/resolv.conf, /etc/localtime, etc..

Anyway, good news is that these days, since Toolbox 0.0.97, the flatpak-session-helper daemon is no longer used for newly created containers, because the functionality has been absorbed into Toolbox itself. One big reason was to enable rootful Toolbox containers (ie., sudo toolbox create ...). Older, preexisting containers will continue to use the daemon, though.

@debarshiray
Copy link

See this issue. Seems
that the reported issue occured when host and container
glibc don't match. The toolbox binary gets bind-mounted
into the fedora container, which may cause issues without
the requisite store paths also being mounted.

Just a minor note. The actual issue is containers/toolbox#529 See the related commit for an explanation on how we solved it.

Ideas for better solutions welcome. :)

@stale
Copy link

stale bot commented Aug 21, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Aug 21, 2021
@tgharib
Copy link
Contributor

tgharib commented Aug 24, 2021

This issue is important to me.

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Aug 24, 2021
@i2
Copy link

i2 commented Dec 1, 2021

Any update on this? Can this be merged to upstream and closed?

@debarshiray
Copy link

Is there anything that you need from the Toolbx project?

@mjlbach
Copy link
Contributor

mjlbach commented Dec 1, 2021

There are two remaining roadblocks. To clarify, I no longer use nixos and will probably not work on this (I still am an active toolbox user, just on Fedora :))

  1. Handling glibc updates. Any time the hash of glibc changes in the nix store, all toolbox containers will break (and need to be recreated). I'm sure there is a clever way around this, either a service that runs after a nix-rebuild that updates the bind mounts, or patching toolbox to update the bind mount on each toolbox enter. These seem very nix (or guix) specific)

  2. The SDDM issue, there's nothing I think toolbox should do about this. Nixpkgs could consider carrying the sddm patches until merged upstream.

Anyone is free to takeover #110473, I won't be continuing it. The PR "works" with the caveat of point 1 not being handled, so you'll have to periodically recreate toolboxes.

@tfmoraes
Copy link
Contributor

tfmoraes commented Dec 2, 2021

@debarshiray after the container creation, it's possible to change the bind mounts and ports? Is there a file to edit?

@tfmoraes
Copy link
Contributor

tfmoraes commented Dec 9, 2021

I found this alternative to toolbox https://github.com/89luca89/distrobox

@debarshiray
Copy link

@debarshiray after the container creation, it's possible to change the bind
mounts and ports? Is there a file to edit?

There's no support for doing it easily through a Toolbx-specific configuration file at the moment.

However, you can script something through one of the shell start-up scripts.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 19, 2022
urandom2 pushed a commit to urandom2/nixpkgs that referenced this issue Dec 13, 2022
SuperSandro2000 added a commit that referenced this issue Dec 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0.kind: packaging request Request for a new package to be added 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants