Creating toolbx with custom settings

Hi, I thought I would drop some info on how one could easily create customised toolbox containers. I believe you could tweak some settings safely, like the hostname of the toolbox, or add some podman flags to it (sharing some volumes, adding CPU limits, etc.).

There are also other options that one could tweak, such as the home directory, shell, etc. However, obviously, if the toolbox creators wanted us to change those options, those flags would be exposed in their CLI, so if you choose to change them you could consider yourself entering a “warranty void and no support” area.

You can get the “current” flags that toolbox uses to create the container with podman by executing:

podman inspect fedora-toolbox-35 | jq -r '.[0].Config.CreateCommand | join(" ")'

You could then translate that into a custom creation script like the one below:

#!/bin/bash
# Builds and prints the podman command that creates a customised toolbox
# container. The command is only echoed, not executed.
toolbox_name="fedora-toolbox-35-custom"
toolbox_hostname="fedora-toolbox-custom"
toolbox_home=$HOME
toolbox_user=$USER
toolbox_shell=$SHELL
# UID is a read-only variable in bash, so the ids get their own names.
toolbox_uid=$(id -u)
toolbox_gid=$(id -g)

# Options passed to "podman create".
args=(
    --name "$toolbox_name"
    --hostname "$toolbox_hostname"
    --dns none
    --env TOOLBOX_PATH=/usr/bin/toolbox
    --env XDG_RUNTIME_DIR="/run/user/$toolbox_uid"
    --ipc host
    --label com.github.containers.toolbox=true
    --mount type=devpts,destination=/dev/pts
    --network host
    --no-hosts
    --pid host
    --privileged
    --security-opt label=disable
    --ulimit host
    --userns keep-id
    --user root:root
    --volume /:/run/host:rslave
    --volume /dev:/dev:rslave
    --volume /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
    --volume "$toolbox_home:$toolbox_home:rslave"
    --volume /usr/bin/toolbox:/usr/bin/toolbox:ro
    --volume "/run/user/$toolbox_uid:/run/user/$toolbox_uid"
    --volume /run/avahi-daemon/socket:/run/avahi-daemon/socket
    --volume /run/.heim_org.h5l.kcm-socket:/run/.heim_org.h5l.kcm-socket
    --volume /run/pcscd/pcscd.comm:/run/pcscd/pcscd.comm
    --volume /run/media:/run/media:rslave
    --volume /etc/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro
)

# Full command: podman create <options> <image> <container entry point>.
toolbox_create_command=(
    podman
    --log-level error
    create "${args[@]}"
    registry.fedoraproject.org/fedora-toolbox:35
    toolbox
    --log-level debug
    init-container
    --home "$toolbox_home"
    --shell "$toolbox_shell"
    --user "$toolbox_user"
    --uid "$toolbox_uid"
    --gid "$toolbox_gid"
    --monitor-host
    --home-link
    --media-link
    --mnt-link
)

echo "${toolbox_create_command[@]}"
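Since the container is created with --privileged and the host's / mounted at /run/host, it helps to see exactly which options a custom script changed before running it. The following is an added example, not part of the original post: it compares two space-joined create commands (as printed by the jq command or by the script's echo). The function names, the sample commands and the /srv/data volume are constructed for illustration.

```bash
#!/bin/bash
# Added example: compare the podman create options of two toolbox commands.

# Flags that take no value. Only the two switches used in the script above
# are listed (assumption: extend this for other switches in your command).
is_switch() { case "$1" in --privileged|--no-hosts) return 0 ;; esac; return 1; }

# create_options WORD...: print one "flag value" line per option found
# between "create" and the image name.
create_options() {
    # Skip the leading "podman --log-level error" up to and including "create".
    while [ $# -gt 0 ] && [ "$1" != "create" ]; do shift; done
    [ $# -gt 0 ] && shift
    while [ $# -gt 0 ]; do
        case "$1" in
            --*=*) printf '%s\n' "${1%%=*} ${1#*=}"; shift ;;  # --flag=value
            --*)   if is_switch "$1" || [ $# -lt 2 ]; then
                       printf '%s\n' "$1"; shift
                   else
                       printf '%s\n' "$1 $2"; shift 2
                   fi ;;
            *)     break ;;  # first non-option word is the image
        esac
    done | LC_ALL=C sort
}

# only_in A B: print the lines of A that do not occur in B.
only_in() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$2" | grep -Fxq -e "$line" || printf '%s\n' "$line"
    done
}

# diff_toolbox STOCK CUSTOM: "- opt" was dropped, "+ opt" was added.
# Each argument is one space-joined command string (as printed by the jq
# command or by echo), so the unquoted expansion below is intentional.
diff_toolbox() {
    stock_opts=$(set -f; create_options $1)
    custom_opts=$(set -f; create_options $2)
    only_in "$stock_opts" "$custom_opts" | sed 's/^/- /'
    only_in "$custom_opts" "$stock_opts" | sed 's/^/+ /'
}

# Constructed, shortened sample commands (not output from a real system).
stock_cmd="podman --log-level error create --name fedora-toolbox-35 --hostname toolbox --network host --privileged --volume /:/run/host:rslave registry.fedoraproject.org/fedora-toolbox:35 toolbox init-container"
custom_cmd="podman --log-level error create --name fedora-toolbox-35-custom --hostname fedora-toolbox-custom --cpus 2 --network host --privileged --volume /:/run/host:rslave --volume /srv/data:/srv/data registry.fedoraproject.org/fedora-toolbox:35 toolbox init-container"

diff_toolbox "$stock_cmd" "$custom_cmd"
```

Paths that contain spaces cannot be recovered from a space-joined string; for those, compare the CreateCommand JSON arrays element by element instead.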