Is it possible to use qemu/kvm, virt-manager ... in Silverblue without layering?

I landed in this post, but tbh I didn't understand it.

I currently have the virtualization stuff layered but would like to move to a toolbox container if possible.

GNOME Boxes as a Flatpak also didn't work without layering the virtualization dependencies.

To run the virtualization stuff you do need a rootful container like systemd-nspawn, but distrobox & podman can also accomplish this.

Here is a guide from distrobox:

The systemd-nspawn approach is a little more complicated (in fact many people have never heard of systemd-nspawn).

Create a minimal Fedora container:

  • sudo dnf -y --releasever=3X --installroot=/var/lib/machines/fedora-container --disablerepo='*' --enablerepo=fedora,updates,updates-testing group install minimal-environment

Enter the container:

  • sudo systemd-nspawn --directory=/var/lib/machines/fedora-container

Install packages in the container (virt-manager and its dependencies):

  • dnf install virt-manager

Start libvirtd: ensure the libvirtd service is running inside the container:

  • systemctl start libvirtd

Exit the container's shell:

  • exit

SELinux labeling (if needed): if SELinux labels are not set correctly within the container, you might need to relabel the container's contents. To relabel, you can use:

  • sudo chcon -R system_u:object_r:container_file_t:s0 /var/lib/machines/fedora-container

  • Personal note: Dan Walsh made changes sometime later where sandbox and container kinda are the same ??? See: container_t versus svirt_lxc_net_t: danwalsh — LiveJournal. My preference was _sandbox_t.

Access virt-manager from the host system by launching it and connecting to the libvirt daemon running inside the container:

  • virt-manager --connect=qemu+ssh://root@localhost/system

This is a little bit confusing for some people, but this is how we did it before podman and toolbox came around. It was confusing as all hell too! :joy: These instructions are a little dated, so bear with me.

I think distrobox is more so recommended at this point.


Thanks bro! Very detailed.

And do you think, in terms of security, it's worth the effort to use the distrobox alternative instead of layering the virtualization stuff (the current approach I'm using)? (I would have to layer distrobox, I suppose.)

I also tried to use the gnome-boxes Flatpak so as not to mess with the system OS, but when I run it, it says "No kvm".

I would honestly go with distrobox IMO. The systemd-nspawn approach is a bit harder to manage and I have not done it in quite some time (F30-34 era). Those are old script instructions I had from builds, before Flatpak was popular.
The container flow is simply a more isolated build, but once you get it right, you are good! The developer of distrobox was recently on Brodie Robertson's YouTube channel talking about this specifically and about when he decided to make it.

toolbox is limiting in this way because it throws everything in /home, which can lead to issues with different versions and tools. This type of container using distrobox or podman/systemd-nspawn does not work that way.

You might run into some hurdles, so post your work here if you need help. I'm a bit limited but will try what I can.

I would ignore gnome-boxes. It's not meant for heavy use IMO.


Bro, do you know if it is possible to do that with toolbox instead of distrobox?

toolbox is for rootless containers. Not 100% sure if it can, but I can say from experience that dealing with toolbox config files is a pain.


It would be better if distrobox became the default; a lot of folks layer it.

Honestly, distrobox is just a wrapper script around podman. . . Which is a wrapper script around systemd-nspawn ! :joy:

There’s a ton of nerdy things happening for them to make rootless containers which is really cool, and distrobox being more flexible makes it a really good tool to use.

podman not having the documentation needed for better adoption is a holdback for the project, and toolbox's lack of flexibility is an issue of stubbornness more than feature creep.

I would personally use podman & systemd-nspawn more but being root can be a problem. toolbox falls short for me, and not being able to choose a different /home for things holds it back.


Thanks bro, and just out of curiosity, do you know why gnome-boxes doesn't work as a Flatpak on Silverblue? I tried it and it says "something went wrong! No KVM".

I have virtualization enabled on my machine; the reason it didn't work annoys me.

I know that gnome-boxes is not as powerful as kvm, but for non-heavy-lifting stuff I think it could suit, and the plus is I don't have to layer it, if it works …

AFAIU podman does not use or need systemd-nspawn.


Just a guess here, but probably because /dev/kvm wasn't mapped into the Flatpak. See the --device option in the flatpak-run man page.

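A small diagnostic for the "No KVM" symptom discussed above, added here as an example and not posted by anyone in the thread. It classifies whether /dev/kvm is missing from the host, missing only inside the Flatpak sandbox, or present but not writable by the user, and suggests granting the Boxes Flatpak just the kvm device rather than all devices. The app id org.gnome.Boxes and the use of /.flatpak-info as the sandbox marker are assumptions; paths are parameters so the logic can be exercised on constructed files.

```shell
#!/bin/sh
# Added diagnostic for the "No KVM" symptom; not from the thread.
# Classifies why a process (e.g. the GNOME Boxes Flatpak) cannot use KVM.
# Paths are parameters so the logic can be exercised on constructed files.

# Returns 0 when the node exists and the caller can open it read/write.
kvm_node_usable() {
  dev=${1:-/dev/kvm}
  [ -e "$dev" ] && [ -r "$dev" ] && [ -w "$dev" ]
}

# Flatpak mounts /.flatpak-info inside every sandbox (assumption used as
# the marker here); its presence means we run in the sandbox, not the host.
in_flatpak_sandbox() {
  [ -e "${1:-/.flatpak-info}" ]
}

# Prints one of: ok, sandboxed-no-device, no-device, no-access
kvm_diagnose() {
  dev=${1:-/dev/kvm}
  info=${2:-/.flatpak-info}
  if [ ! -e "$dev" ]; then
    if in_flatpak_sandbox "$info"; then
      echo sandboxed-no-device
    else
      echo no-device
    fi
  elif ! kvm_node_usable "$dev"; then
    echo no-access
  else
    echo ok
  fi
}

# Human-readable advice for each verdict (org.gnome.Boxes is assumed).
kvm_advice() {
  case "$1" in
    ok) echo "KVM is reachable; the problem is elsewhere." ;;
    sandboxed-no-device)
      echo "/dev/kvm is not mapped into the sandbox. Grant only that device:"
      echo "  flatpak override --user --device=kvm org.gnome.Boxes" ;;
    no-device)
      echo "Host has no /dev/kvm: check VT-x/AMD-V in firmware and 'lsmod | grep kvm'." ;;
    no-access)
      echo "Node exists but is not read/write for $(id -un); check its owner/mode and your groups ($(id -nG))." ;;
  esac
}

kvm_advice "$(kvm_diagnose "$@")"
```

Run it once on the host and once via `flatpak run --command=sh org.gnome.Boxes` to see which side lacks the device.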

English is not my native language, so please excuse me if I’m not reading this correctly, but IMHO Podman has pretty good documentation.

You were right bro, thanks!