Rootfs Podman
Table of Contents
1. intro
I like to isolate my development environments. Since I am a student and every course has a different software stack (some matlab, some python, some c++), I get a shit ton of stuff to install that then becomes useless, and I am left with a million useless, annoying configuration files all over the place and other dead files lingering somewhere unknown in my filesystem.
It is therefore quite useful for me to isolate them, but I have been struggling to find a good candidate for this task.
2. different isolation techniques
So far I have tried
- docker containers
- flox (nix wrapper)
- incus (which is some lxc/lxd container manager)
- and probably some others
docker containers are a pain in the ass, because they don't have the necessary software installed on them.
incus containers are therefore much better: they are not as lightweight as docker containers, but they are very powerful, and super useful for running other distros in case you need some specific software.
so far, however, flox has been the winner.
However, whenever I work with flox, at some point I run into library mismatch issues: some software expects one library but gets another one because it's looking in the wrong place.
so all of this, in the end, creates quite some problems which I then have to resolve, wasting time. However, I am insane, so I am still trying to find some nice way that doesn't cause me too much hassle.
3. chroot stuff
right now I have been trying something which I think is quite interesting.
I learned that containers use something called chroot to isolate their filesystem from the host filesystem.
so I've been playing with chroot, and first I tried doing it the voidlinux way. There are two commands:
xvoidstrap
and
xchroot
this works pretty well: you have a minimal system installed in a folder and then enter a bash shell whose root is the contents of that directory.
However, what made me not like it is that the files inside that directory are owned by the host root user.
4. podman
so I was looking into different ways of creating such a chroot without sudo privileges. I was trying bwrap (bubblewrap), but always ran into issues like networking, etc.
Then I came across podman.
podman is a container engine (don't know if that's the correct way to call those things?); well anyway, it's like docker but runs rootless containers.
and there is a way to run the filesystem contained in my directory:
basically you call, for example, podman run -it --rootfs $PWD /bin/bash
then you are in a container working in that directory. You don't need to run it with sudo, and all the files in the directory are owned by your host user (not root).
so this is pretty cool in fact, because it's then quite easy to interact with the container from the outside!
you literally can go inside the container's filesystem on your host very easily and start changing stuff with your favourite editor.
5. peepee
much better than having to bind-mount directories when using docker! I am quite surprised I only learned about this now.
Don't really know why docker devcontainers are a thing at this point; it looks like there are many better alternatives!
here's a fish script for creating such containers:
function _rootfs_create
    # newest void-x86_64-ROOTFS-YYYYMMDD.tar.xz in the mirror's directory listing
    set rootfs_name (wget -q -O - https://repo-default.voidlinux.org/live/current/ | \
        grep -oP 'void-x86_64-ROOTFS-\d{8}\.tar\.xz' | \
        sort | \
        tail -n 1)
    mkdir .env
    cd .env
    gum spin --title "downloading $rootfs_name" -- \
        wget "https://repo-default.voidlinux.org/live/current/$rootfs_name"
    gum spin --title "extracting $rootfs_name" -- \
        tar xvf $rootfs_name -C .
    # expose the container's /root as ./home next to .env so it can be edited from the host
    ln -s $PWD/root $PWD/../home
    gum spin --title "FUCK YOU ! installing stuff into the rootfs" -- \
        podman run -it --rootfs $PWD xbps-install -y -Su \
        fish-shell
    gum log --message.foreground="04" "DONE !"
    # go back to the project directory first: _rootfs_start expects .env below $PWD
    cd ..
    _rootfs_start
end

function _rootfs_start
    # enter the rootfs with fish, starting in the container's home directory
    podman run -it --rootfs $PWD/.env fish -C "cd ~"
end

function rootfs
    if test -d .env
        _rootfs_start
    else
        _rootfs_create
    end
end
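The download-and-extract step above, as an added example in POSIX sh (not the post's own script): the tarball's SHA-256 is checked against a checksum file before tar ever sees it, so a truncated or tampered download never becomes a rootfs. It assumes (not confirmed by the post) that the mirror publishes a sha256sum.txt beside the tarballs, in either GNU ("hash  file") or BSD ("SHA256 (file) = hash") format.

```shell
#!/bin/sh
# Added example, not the post's own script: fetch the newest Void rootfs
# tarball and verify its SHA-256 before extracting it into .env.
# Assumption: $MIRROR/sha256sum.txt exists and lists the tarball in GNU
# ("hash  file") or BSD ("SHA256 (file) = hash") format.
MIRROR="https://repo-default.voidlinux.org/live/current"

# Newest void-x86_64-ROOTFS-YYYYMMDD.tar.xz in the directory listing.
latest_rootfs_name() {
    wget -q -O - "$MIRROR/" \
        | grep -o 'void-x86_64-ROOTFS-[0-9]\{8\}\.tar\.xz' \
        | sort -u | tail -n 1
}

# verify_rootfs TARBALL SUMSFILE
# Returns 0 when the tarball's SHA-256 matches its entry in SUMSFILE,
# 1 when the hashes differ or the file has no entry at all.
verify_rootfs() {
    tarball="$1"; sums="$2"
    name=$(basename "$tarball")
    expected=$(awk -v f="$name" '
        length($1) == 64 && ($2 == f || $2 == ("*" f)) { print $1; exit }
        $1 == "SHA256" && $2 == ("(" f ")")            { print $4; exit }
    ' "$sums")
    [ -n "$expected" ] || return 1
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# The post's download + extract step with the check in between; on a
# mismatch the tarball is left unextracted and the function fails.
fetch_rootfs() {
    name=$(latest_rootfs_name) || return 1
    [ -n "$name" ] || return 1
    mkdir -p .env && cd .env || return 1
    wget -q "$MIRROR/$name" "$MIRROR/sha256sum.txt" || return 1
    if ! verify_rootfs "$name" sha256sum.txt; then
        echo "checksum mismatch for $name; not extracting" >&2
        return 1
    fi
    tar xf "$name" -C .
    # Bootstrap the rootfs; rootless podman leaves every file owned by
    # the host user, exactly as the post describes.
    podman run -it --rootfs "$PWD" xbps-install -y -Su fish-shell
}
```

To see the mapping that makes the extracted files show up as your host user, podman unshare cat /proc/self/uid_map prints the user namespace rootless podman runs in.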