Podman does not launch inside default toolbox

Hello everybody,

today I wanted to try out podman inside a container (toolbox).
It did not work, the podman command seems not to do anything.
I am using Fedora Silverblue 31.20200214.0

My steps:
toolbox enter
sudo dnf install podman
set -x
podman run

From the last command I simply get back
+ podman run

You are missing the image name in the podman run command.

The observed behaviour does not change if I complete the command with sufficient parameters.

All commands including podman run, podman ps, you name it, do not work.

Do you realise that the toolbox container is a podman container?

I am not even sure that is expected to work.

Why not create and run the container on the host os?

By default, the toolbox command works in toolbox containers. podman does not. However, if you want to use podman from within a toolbox container, you can use flatpak-spawn --host to run a command from outside the toolbox from within the toolbox.

If you alias podman to flatpak-spawn --host podman inside your container, then it’ll run your system’s podman command from within the container.

This is mainly useful if you have a terminal set up to launch your dev environment as a toolbox container and you want to run a command outside of your container sometimes.

(For what it’s worth, some commands already seem to mostly “just work” inside a container, like toolbox and rpm-ostree.)


Just asking for understanding, but how does the flatpak command work when the container is not a flatpak nor using the flatpak runtime?
[Edit]: Okay, so I tried it using the podman ps command and it worked. Still, I would like to know how this was accomplished. I didn’t think of using the flatpak-spawn command like that.

Flatpak, podman, and ostree all share various pieces of code at different levels. (And toolbox is basically a wrapper on top of podman.)

As a result, flatpak-spawn --host also happens to work from within toolbox (really: podman) containers to escape the container and run a command on the host.

The documentation (man page) for flatpak-spawn says the following about the --host flag:

Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D-Bus interface

So, basically, flatpak-spawn --host routes around being contained by using D-Bus (a protocol & server for communication between pieces of software on Linux) to ask your system to run the command outside of the container.

My understanding is that there’s a bunch of handwavy permissions and assumptions between the command line in the container and what happens on the host that are taken care of by toolbox, podman, session stuff, etc.

(If I’m wrong, or someone knows how it works better than my description above, please feel free to share.)

Even shorter summary: I saw someone on the forum mention using flatpak-spawn --host in a toolbox container a while back and it worked. I remembered the command and shared it here. :wink:

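The alias suggested earlier in the thread and the explanation just above both amount to one thing: inside a toolbox container, podman is not run locally but handed to the host over the org.freedesktop.Flatpak D-Bus interface. The following wrapper is an added example, not code from the thread or from the toolbox project. It only takes the flatpak-spawn --host route when it can tell it is inside a toolbox container, and it says so on stderr, so the container boundary is never crossed silently. Two assumptions are mine: that toolbox creates /run/.toolboxenv inside its containers (TOOLBOX_MARKER overrides the path for testing), and that on a plain host or in a non-toolbox container the local podman is what you want.

```shell
#!/bin/sh
# Added example, not code from the thread: a small wrapper that decides whether
# a podman invocation should stay inside the container or be routed to the host
# with "flatpak-spawn --host", and reports which route it picked.
#
# Assumptions (mine, not stated in the thread):
#   - inside a toolbox container the file /run/.toolboxenv exists;
#     TOOLBOX_MARKER overrides that path so the logic can be exercised anywhere.
#   - "flatpak-spawn --host" is only attempted when that marker is present, so
#     outside a toolbox the wrapper never tries to leave its sandbox.

# Return success when we appear to be inside a toolbox container.
in_toolbox() {
    [ -f "${TOOLBOX_MARKER:-/run/.toolboxenv}" ]
}

# Print (without running) the exact command line the wrapper would execute.
# Handy for checking the decision before trusting it in an alias.
podman_cmdline() {
    if in_toolbox; then
        printf 'flatpak-spawn --host podman%s\n' "${*:+ $*}"
    else
        printf 'podman%s\n' "${*:+ $*}"
    fi
}

# Run podman by the chosen route. Inside a toolbox this runs on the HOST, so the
# wrapper logs that fact to stderr first; outside a toolbox it runs podman directly.
podman_wrapper() {
    if in_toolbox; then
        if ! command -v flatpak-spawn >/dev/null 2>&1; then
            echo "podman_wrapper: flatpak-spawn not found; cannot reach host podman" >&2
            return 127
        fi
        echo "podman_wrapper: leaving the container, host will run: podman $*" >&2
        flatpak-spawn --host podman "$@"
    else
        podman "$@"
    fi
}

# Usage inside a toolbox (the shell is interactive, so an alias to the function works):
#   . ./podman-wrapper.sh
#   podman_cmdline ps        # shows: flatpak-spawn --host podman ps
#   alias podman=podman_wrapper
#   podman ps                # now executed by the host's podman
```

Keeping the detection explicit, rather than aliasing unconditionally as the thread suggests, matters for two reasons: the same dotfiles are often sourced on the host, where the alias would fail or misbehave, and anything run through flatpak-spawn --host executes with your full session privileges on the host, so it is worth seeing when that happens.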

I guessed it had something to do with the fact all use lib-ostree, and the use of dbus. I was just wondering about the specifics, I think, of how the action was completed. So I guess that Flatpak (the command) is part of the standard toolbox container, which would be due to the image it comes from.

The reason why Toolbox works inside of Toolbox containers is that the tool is prepared for such a scenario. The code can be found here: https://github.com/containers/toolbox/blob/master/toolbox#L2276.

In the future Toolbox should be able to provide shim binaries to known tools and a tool to create such binaries that would execute the commands automatically using flatpak-spawn --host. (https://github.com/containers/toolbox/issues/145)