Podman run command in a container instead of toolbox

I’ve been running a lot of stuff in containers, but it seems some basic knowledge is still lacking… ;(
I have coreos running on an old headless atom pc. Just for fun. Currently toolbox is broken on coreos.

Normally on my silverblue laptop I run neovim from a toolbox container on host files with an alias and this works great!
alias nvim="toolbox run -c apps nvim"
If my current working directory is anywhere on the host I can run

nvim ~/bin/script.sh

or if I'm in the .config directory I can just type

nvim configfile

and edit and :wq.

But on my coreos (and the same on silverblue) I created an 'apps' image, and am trying to reproduce the same functionality as toolbox.

I am able to mount my home directory with no permission problems. But if I am in the .config directory and type nvim configfile, it will not open the file, but rather create a new configfile in the home directory. If I don’t set WORKDIR in the dockerfile it will try to create the file in /

My container currently has no WORKDIR or ENTRYPOINT defined in the Dockerfile. I have this wrapper script:

[core@zbox bin]$ cat nvim
#!/bin/bash
# "$@" is quoted so that each argument reaches nvim intact
# (a bare $@ splits file names that contain spaces).
podman run -it --rm \
  --privileged \
  --net host \
  --security-opt label=disable \
  --userns=keep-id \
  --user=1000:1000 \
  --name apps \
  -v /home/me:/home/me:z \
  apps nvim "$@"
[core@zbox bin]$

What magic is toolbox doing to respect either the path or current directory? Any better way of doing this?

Hi,

You can pass the WORKDIR and the ENTRYPOINT to the podman run if you need it:

#!/bin/bash
# --workdir "$PWD" makes the container start in the host's current
# directory, which must exist at the same path inside the bind mount.
podman run -it --rm \
  --privileged \
  --net host \
  --security-opt label=disable \
  --userns=keep-id \
  --user=1000:1000 \
  --name apps \
  -v /home/me:/home/me:z \
  --workdir "$PWD" \
  --entrypoint /usr/bin/nvim \
  apps "$@"

I didn't try, but something like this should work.
Podman does more magic, but I guess that for that use case, it should do the trick.

Awesome! Thanks, that did it. I had a bit of fiddling to do on the coreos box, as it was slightly different than the silverblue laptop. But super pleased with that. Now I can do the same with a few other things. It's been my objective to not add any overrides, and so the only one I have is a custom xkeyboard-config. Everything else is in a container, toolbox or flatpak!!


OK, just as a footnote, to get this really working the way I wanted, I had to add the home directory of the user in the dockerfile as /var/home/user to correspond with the host file system. Otherwise --workdir $PWD would resolve to /var/home/user/somewhere.

If I mounted -v /home/user:/home/user then I would get an OCI chdir error (as /var/home/user/something didn't exist in the container).

If I mounted -v /home/user:/var/home/user or -v /var/home/user:/var/home/user this partially worked, as then it actually creates /var/home in the container with the host /var/home/user directory. However, then the problem was the user's actual home directory in the passwd file was /home/user.

My solution was to have the following in the Dockerfile:

FROM fedora:33

RUN useradd -m -d /var/home/username -s /bin/bash -p '*' -G wheel username 
RUN sed -i '/^#auth/s/^#//g' /etc/pam.d/su 
RUN sed -e 's;^# \(%wheel.*NOPASSWD.*\);\1;g' -i /etc/sudoers
RUN dnf install some stuff
USER username

and then the wrapper script for nvim (modified for other stuff):

#!/bin/bash
# The mount target matches the host path, so --workdir "$PWD" resolves
# to a directory that exists inside the container as well.
podman run -it --rm \
  --privileged \
  --net host \
  --security-opt label=disable \
  --userns=keep-id \
  --user=1000:1000 \
  --name nvim \
  -v /var/home/username/:/var/home/username \
  --workdir "$PWD" \
  --entrypoint /usr/bin/nvim \
  faketoolbox "$@"

Note: I rebased my coreos to 'next' so now at least the version of podman corresponds to silverblue F32. But no sign of toolbox working yet. So this at least lets me run a few things in the meantime!
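As an added example (my own code, not from this thread), here is a wrapper that derives --workdir from $PWD the way the footnote describes, maps a host home onto a different container home when the two differ, and falls back to the container home when $PWD lies outside the bind mount instead of triggering the OCI chdir error. HOST_HOME, CONTAINER_HOME, resolve_workdir, podman_cmd and show_args are names I chose; the image "faketoolbox", the user "username" and the /var/home layout come from the thread.

```shell
#!/bin/bash
# Added example, not code from the thread: a toolbox-style wrapper that
# derives --workdir from $PWD and only passes a path that exists inside
# the bind mount, which is what caused the OCI chdir error described above.
# Assumed names: HOST_HOME and CONTAINER_HOME (mount source and target).
# The image "faketoolbox", user "username" and /var/home layout are from the thread.

HOST_HOME=/var/home/username
CONTAINER_HOME=/var/home/username

# resolve_workdir HOST_HOME CONTAINER_HOME CWD
# Prints the container path that corresponds to CWD. A trailing slash on
# HOST_HOME (as in "-v /var/home/username/:...") is tolerated. If CWD is
# outside the mounted tree, the container home is returned instead, because
# podman cannot chdir into a directory that only exists on the host.
resolve_workdir() {
  local host_home=${1%/} container_home=${2%/} cwd=$3
  case "$cwd" in
    "$host_home")   printf '%s\n' "$container_home" ;;
    "$host_home"/*) printf '%s\n' "$container_home${cwd#"$host_home"}" ;;
    *)              printf '%s\n' "$container_home" ;;
  esac
}

# podman_cmd RUNNER WORKDIR ARGS...
# Hands the complete podman command line to RUNNER: "exec" to run it, or
# show_args (below) for a dry run. "$@" is quoted so file names with spaces
# survive; --privileged is left out, editing files in a bind mount does not need it.
podman_cmd() {
  local runner=$1 workdir=$2; shift 2
  "$runner" podman run -it --rm --net host \
    --security-opt label=disable --userns=keep-id \
    --user "$(id -u):$(id -g)" --name nvim \
    -v "$HOST_HOME:$CONTAINER_HOME" --workdir "$workdir" \
    --entrypoint /usr/bin/nvim faketoolbox "$@"
}

# Print one argument per line (dry run helper).
show_args() { printf '%s\n' "$@"; }

# Only exec podman when installed as ~/bin/nvim, as in the thread; running the
# file under any other name just defines the functions.
if [ "${0##*/}" = nvim ]; then
  podman_cmd exec "$(resolve_workdir "$HOST_HOME" "$CONTAINER_HOME" "$PWD")" "$@"
fi
```

Run `podman_cmd show_args "$(resolve_workdir "$HOST_HOME" "$CONTAINER_HOME" "$PWD")" somefile` from a shell that has sourced the file to see the exact command line before installing it as ~/bin/nvim.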