Toolbox on Silverblue vs on Fedora Workstation

In order to examine how to use containers for development, I ran across this link:
Fedora Toolbox on Silverblue 29: First Impressions!! | by alex285 | Medium
If I follow the instructions there, everything works as described on Silverblue, but when I try it on Fedora workstation (30 in both cases), toolbox cannot start the default container, but I can build it with podman. But then I can’t get the gedit in the container to work, while it works flawlessly in Silverblue. Anybody know what is going on here? Toolbox is documented as working just as well on workstation as on Silverblue.

On workstation 30, toolbox claims it successfully created the container, but

> [mike@lenny ~]$ toolbox -v enter
> toolbox: resolved absolute path for /usr/bin/toolbox to /usr/bin/toolbox
> toolbox: TOOLBOX_PATH is /usr/bin/toolbox
> toolbox: checking if 'podman system migrate' exists
> toolbox: migration not needed: 1.3.1 is unchanged
> toolbox: Fedora generational core is f30
> toolbox: base image is fedora-toolbox:30
> toolbox: container is fedora-toolbox-30
> toolbox: checking if container fedora-toolbox-30 exists
> toolbox: trying to start container fedora-toolbox-30
> Error: unable to start container "fedora-toolbox-30": container create failed: time="2019-06-05T23:53:07-04:00" level=fatal msg="try_mapping_tool:243 nsenter: mapping tool not present: Operation not permitted"
> time="2019-06-05T23:53:07-04:00" level=fatal msg="nsexec:892 nsenter: failed to sync with parent: read(SYNC_USERMAP_ACK): Invalid argument"
> time="2019-06-05T23:53:07-04:00" level=warning msg="no such directory for freezer.state"
> time="2019-06-05T23:53:07-04:00" level=warning msg="no such directory for freezer.state"
> time="2019-06-05T23:53:07-04:00" level=error msg="container_linux.go:346: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\"\n"
> container_linux.go:346: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
> : internal libpod error
> toolbox: failed to start container fedora-toolbox-30

Which version of toolbox and podman do you have on F30 Workstation?

Toolbox on workstation is 0.0.10, podman is 1.3.1.
On Silverblue, podman is 1.2.0 and I can’t tell what version toolbox is 0.0.8-2

I’ve upgraded Silverblue; now it has toolbox 0.0.10-1 and podman 1.3.1. Now I get the common.pid error mentioned in another post, so I fixed that. It looks like toolbox used the subuid outside the container to set the ownership of the userdata directory. Now I can enter the container, but I can no longer use sudo to install things: it no longer has the suid bit set in the container, and my root password for Silverblue does not work in the container. This seems to be already reported as issue #180 on GitHub.

So I get the chance to roll back for the first time. Rollback downgraded toolbox 0.0.10-1 to 0.0.8-2 and podman 1.3.1-1 to 1.2.0-2. Works like a charm!! I wiped ~/.local/share/containers and now everything is back to normal: sudo works in the container, gedit opens perfectly. So I’ll try to reproduce the same on workstation.

But on workstation, after dropping podman to 1.2.0-2, I still have the above error, and dropping toolbox to 0.0.8-2 does not help: The nsenter: mapping tool not present … error is still there. Based on the error messages following, this seems to be a problem with cgroups. So no joy so far.

I will switch to podman 1.3.2 from copr to see if that helps. Stay tuned.
