Toolbox

As an immutable host, Fedora Sericea is an excellent platform for container-based development and, for working with containers, buildah and podman are recommended.

Fedora Sericea also comes with the toolbox utility, which uses containers to provide an environment where development tools and libraries can be installed and used.

Why use toolbox?

Toolbox makes it easy to use a containerized environment for everyday software development and debugging. On immutable operating systems, like Fedora Sericea, it provides a familiar package-based environment in which tools and libraries can be installed and used. However, toolbox can also be used on package-based systems.

Using Toolbox for running your workflows in a containerized manner brings you several advantages:

  • It keeps the host OS clean and stable, and helps to avoid the clutter that can happen after installing lots of development tools and packages.

  • You get access to different versions of supported distributions independent of the version you are running.

  • Containers are a good way to isolate and organise the dependencies needed for different projects.

  • Containers are a safe space to experiment: if things go wrong, it’s easy to throw a toolbox away and start again.

However, it is very important to note that toolbox containers are still integrated with your host system, so you should not attempt to do things or run software you otherwise wouldn’t on your host system. Toolbox containers are not completely isolated environments like virtual machines.

How it works

Toolbox takes the work out of using containers, by providing a small number of simple commands to create, enter, list and remove containers. It also integrates toolbox containers into your regular working environment, to make it easy for you to use them as an everyday development space.

Containers are created from images and those are usually a very stripped down version of distributions. In such images there are almost no tools and documentation available. The team behind Toolbox maintains a Fedora image where such tools and documentation are available, providing a good out of the box experience.

Each toolbox container is an environment that you can enter from the command line. Inside each one, you will find:

  • Your existing username and permissions

  • Access to your home directory and several other locations

  • Access to both system and session D-Bus, system journal and Kerberos

  • Common command lines tools, including a package manager (e.g., DNF on Fedora)

In other words, toolbox containers look, feel and behave like a standard Linux command line environment. By connecting all this information, toolbox containers lose a certain amount of security gained by using the containers technology. Therefore, you should not treat toolbox containers as a sandbox where you can execute any script you would never run on any other system.

In most cases, when a command is run inside a container, the program from inside the container is used. However, there are a few special cases where the program on the host is used instead (using flatpak-spawn). One example of this is the toolbox command itself; this makes it possible to use toolbox from inside toolbox containers.

Installation

Fedora Sericea

Toolbox is preinstalled on Fedora Sericea.

Your first toolbox

Once toolbox is installed, two simple commands are required to get started:

$ toolbox create

This will download an OCI image and create a toolbox container from it. Once this is complete, run:

$ toolbox enter

Once inside the toolbox, you can access common command line tools, and install new ones using a package manager (e.g., DNF on Fedora).

When the prompt is inside a toolbox, it is prepended with a diamond: this indicates that the prompt is inside a toolbox container. The diamond symbol may not be present if you use a custom shell theme.

Commands and usage

toolbox create [options] <name>

Creates a toolbox container. This will download an OCI image if one isn’t available (this is required to create the container). By default an image matching the version of the host is used. If the host system does not have a matching image, a Fedora image is used instead.

Used without options, toolbox create will automatically name the container it creates. To create additional toolboxes, use the <name> argument.

To use a specific version of the host system (e.g., Fedora 32 on Fedora 34), use the --release <release> | -r <release> option.

To use a different distribution to create a toolbox container (e.g., RHEL on Fedora), use the --distro <distro> | -d <distro> option.

To use a different image, use the --image <name> | -i <name> option.

toolbox enter [options] <name>

Enters a toolbox for interactive use. Used without options, toolbox enter opens the default toolbox.

To enter a toolbox with specific name, use the name argument.

To enter a toolbox for a different distribution (e.g., Fedora on RHEL), use the --distro <distro> |-d <distro> option.

To enter a toolbox with specific version (e.g., RHEL 8.1 on RHEL 8.3), use the --release <release> | -r <release> option.

toolbox run [options] <cmd> <arg …​>

Runs a command in a toolbox without entering it. Used without options, toolbox run runs the command in the default toolbox.

To run a command in a toolbox with specific name, use the --container <name> | -c <name> option.

To run a command in a toolbox for a different distribution (e.g., Fedora on RHEL), use the --distro <distro> |-d <distro> option.

To run a command in a toolbox with specific version (e.g., RHEL 8.1 on RHEL 8.3), use the --release <release> | -r <release> option.

toolbox list [options]

Lists local toolbox images and containers.

To only show containers, use the --containers | -c option.

To only show images, use the --images | -i option.

toolbox rm [options] <name …​>

Removes one or more toolbox containers.

The --force | -f option removes the marked containers even if they are running.

The --all | -a option removes all toolbox containers.

toolbox rmi [options] <name …​>

Removes one or more toolbox images.

The --force | -f option removes the marked images and all containers that have been created using the marked images.

The --all | -a option removes all toolbox images.

toolbox --help

Shows Toolbox’s manual page.

Exiting a toolbox

To return to the host environment, either run exit or quit the current shell (typically Ctrl+D).

Under the hood

Toolbox uses the following technologies:

Contact and issues

To report issues, make suggestions, or contribute fixes, see toolbox’s GitHub project.

To get in touch with toolbox users and developers, use Fedora’s Discourse instance, or join the #silverblue IRC channel on Libera.