
coretoolbox


Commits

List of commits on branch master.
Unverified
382b648b32c49a68c10f9cffd7d3d0c8f6ac7f6a

rustfmt(*)

cgwalters committed 5 years ago
Unverified
0e2514bbdedacfa47f20627d4fb1cddddbf2ac93

Bind in host's OSTree setup too

cgwalters committed 5 years ago
Unverified
32dc6c3f40c6f2ec20e22225bb69075d90a0f19a

Add --as-userns-root argument to run

cgwalters committed 5 years ago
Unverified
f22d7eb3833984b68d46ac186d10d737effdf4e9

Only enable sudo if present

cgwalters committed 5 years ago
Verified
6c76faeb98059f07117032675d87951ba0114fa2

Merge pull request #11 from trown/fix-sudoers-perms

cgwalters committed 5 years ago
Unverified
ff44f313b3da4d3f3fddeed7c18ed98a9946df81

Make sure /etc/sudoers.d file is not writeable

trown committed 5 years ago

README

The README file for this repository.

coreos-toolbox

This is a new implementation of https://github.com/debarshiray/toolbox/

Installation

Be sure you have cargo installed.

Then: cargo install --git https://github.com/cgwalters/coretoolbox

In the future we may invest in packaging this for different distributions, or see about shipping it with e.g. podman by default.

Getting started

One time setup

$ coretoolbox create
<answer questions>
$

Now, each time you want to enter the toolbox:

$ coretoolbox run

One suggestion is to add a "profile" or configuration to your terminal emulator that runs coretoolbox run by default, so that you can easily create new tabs/windows in the toolbox.

Rationale

In order to disambiguate in this text we'll call this tool "ctb", and the other one "dtb".

The main reason to introduce a new tool is that dtb too strongly encourages true "pet" containers, where significant state is stored inside. We want to make it easy for people to build their own toolbox "base images" derived from the upstream image. For example, rather than doing yum install cargo inside a toolbox container, you use a Dockerfile that does:

FROM registry.fedoraproject.org/f30/fedora-toolbox:30
RUN yum -y install cargo

The toolbox command should ideally have at least a basic concept of a "build" that regenerates the base container, but at a minimum should support more easily specifying that base image.

A related problem with dtb is that it actually does create a derived image locally with e.g. the username added; this forces the image to be specific to one user or machine.

What "ctb" does instead is inject dynamic state (username, HOME path) into the container at runtime. This allows a lot more flexibility.

Today "dtb" has a hardcoded list of bind mounts for e.g. HOME and the DBus system bus socket. I ran into a case where I wanted e.g. the system libvirt socket.

In general, we aren't trying to confine toolbox - it's a privileged container. So "ctb" takes the approach of mounting in most things from the host into the /host directory, and then uses symlinks into /host. This again makes everything a lot more flexible as the set of things exposed can easily be changed while the container is running.
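A sketch of the /host symlink approach described above, as an added example that is not coretoolbox's own code. The function name `link_into_host`, the scratch directory standing in for the container root, and the sample paths are assumptions made for illustration.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::symlink;
use std::path::{Component, Path, PathBuf};

// Added illustration (hypothetical helper): link `root/<p>` to `/host/<p>`.
// `root` stands in for the container's `/` so the sketch runs anywhere.
// Existing symlinks are refreshed; real files or directories are left alone
// and returned, so content from the image is never silently shadowed.
fn link_into_host(root: &Path, exposed: &[&str]) -> io::Result<Vec<PathBuf>> {
    let mut skipped = Vec::new();
    for p in exposed {
        let path = Path::new(p);
        // Reject relative paths and `..` so a link can never land outside `root`.
        if !path.is_absolute() || path.components().any(|c| c == Component::ParentDir) {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "unsafe path"));
        }
        let rel = p.trim_start_matches('/');
        let link = root.join(rel);
        match fs::symlink_metadata(&link) {
            Ok(m) if m.file_type().is_symlink() => fs::remove_file(&link)?,
            Ok(_) => {
                skipped.push(link);
                continue;
            }
            Err(e) if e.kind() == io::ErrorKind::NotFound => {}
            Err(e) => return Err(e),
        }
        if let Some(parent) = link.parent() {
            fs::create_dir_all(parent)?;
        }
        symlink(Path::new("/host").join(rel), &link)?;
    }
    Ok(skipped)
}

fn main() -> io::Result<()> {
    // Constructed sample: a scratch directory plays the container root.
    let root = std::env::temp_dir().join(format!("ctb-demo-{}", std::process::id()));
    fs::create_dir_all(root.join("etc"))?;
    fs::write(root.join("etc/hostname"), "from-image\n")?;
    let skipped = link_into_host(&root, &["/run/libvirt", "/etc/hostname"])?;
    println!("run/libvirt -> {:?}", fs::read_link(root.join("run/libvirt"))?);
    println!("left untouched: {:?}", skipped);
    fs::remove_dir_all(&root)
}
```

Because the links are plain symlinks into an already mounted /host, the exposed set can be changed by re-running the function in a live container, without recreating it.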

Finally, ctb is written in a real programming language; bash gets problematic once one goes beyond 10-20 lines of code.

License

Licensed under either of