distrobox(1)
\f[C] distrobox-upgrade \f[R]
Description
DISTROBOXDISTROBOX-CREATE
COMPATIBILITY
This project does not need a dedicated image. It can use any OCI images from docker-hub, quay.io, or any registry of your choice.
Many cloud images are stripped down on purpose to save size and may not include commands such as which, mount, less or vi). Additional packages can be installed once inside the container. We recommend using your preferred automation tool inside the container if you find yourself having to repeatedly create new containers. Maintaining your own custom image is also an option.
The main concern is having basic Linux utilities (mount), basic user management utilities (usermod, passwd), and sudo correctly set.
SUPPORTED CONTAINER MANAGERS
distrobox can run on either podman or docker
It depends either on podman configured in rootless mode or on docker configured without sudo (follow THESE instructions (https://docs.docker.com/engine/install/linux-postinstall/))
|
• |
Minimum podman version: 2.1.0 |
|||
|
• |
Minimum docker version: 18.06.1 |
Follow the official installation guide here:
|
• |
<https://podman.io/getting-started/installation> |
|||
|
• |
<https://docs.docker.com/engine/install> |
|||
|
• |
<https://docs.docker.com/engine/install/linux-postinstall/> |
CONTAINERS DISTROS
Distrobox guests tested successfully with the following container images:
Note however that if you use a non-toolbox preconfigured image (e.g. images pre-baked to work with <https://github.com/containers/toolbox>), the first distrobox-enter you’ll perform can take a while as it will download and install the missing dependencies.
A small time tax to pay for the ability to use any type of image. This will not occur after the first time, subsequent enters will be much faster.
NixOS is not a supported container distro, and there are currently no plans to bring support to it. If you are looking for unprivlaged NixOS environments, we suggest you look into nix-shell (https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html).
NEW DISTRO SUPPORT
If your distro of choice is not on the list, open an issue requesting support for it, we can work together to check if it is possible to add support for it.
Or just try using it anyway, if it works, open an issue and it will be added to the list!
OLDER DISTRIBUTIONS
For older distributions like CentOS 5, CentOS 6, Debian 6, Ubuntu 12.04, compatibility is not assured.
Their libc version is incompatible with kernel releases after >=4.11. A work around this is to use the vsyscall=emulate flag in the bootloader of the host.
Keep also in mind that mirrors could be down for such old releases, so you will need to build a custom distrobox image to ensure basic dependencies are met.
NAME
distrobox create
distrobox-create
DESCRIPTION
distrobox-create takes care of creating the container with input name and
image. The created container will be tightly integrated with the host,
allowing sharing of the HOME directory of the user, external storage,
external usb devices and graphical apps (X11/Wayland), and audio.
SYNOPSIS
distrobox create
--image/-i: image to use for the container default: registry.fedoraproject.org/fedora-toolbox:36
--name/-n: name for the distrobox default: my-distrobox
--pull/-p: pull latest image unconditionally without asking
--yes/-Y: non-interactive, pull images without asking
--root/-r: launch podman/docker with root privileges. Note that if you need root this is the preferred
way over "sudo distrobox" (note: if using a program other than 'sudo' for root privileges is necessary,
specify it through the DBX_SUDO_PROGRAM env variable, or 'distrobox_sudo_program' config variable)
--clone/-c: name of the distrobox container to use as base for a new container
this will be useful to either rename an existing distrobox or have multiple copies
of the same environment.
--home/-H select a custom HOME directory for the container. Useful to avoid host's home littering with temp files.
--volume additional volumes to add to the container
--additional-flags/-a: additional flags to pass to the container manager command
--init-hooks additional commands to execute during container initialization
--pre-init-hooks additional commands to execute prior to container initialization
--init/-I use init system (like systemd) inside the container.
this will make host's processes not visible from within the container.
--compatibility/-C: show list of compatible images
--help/-h: show this message
--no-entry: do not generate a container entry in the application list
--dry-run/-d: only print the container manager command generated
--verbose/-v: show more verbosity
--version/-V: show version
COMPATIBILITY
for a list of compatible images and container managers, please consult the man page:
man distrobox
man distrobox-compatibility
or consult the documentation page on: https://github.com/89luca89/distrobox/blob/main/docs/compatibility.md#containers-distros
EXAMPLES
distrobox create --image alpine:latest --name test --init-hooks "touch /var/tmp/test1 && touch /var/tmp/test2"
distrobox create --image fedora:35 --name test --additional-flags "--env MY_VAR-value"
distrobox create --image fedora:35 --name test --volume /opt/my-dir:/usr/local/my-dir:rw --additional-flags "--pids-limit -1"
distrobox create -i docker.io/almalinux/8-init --init --name test --pre-init-hooks "dnf config-manager --enable powertools && dnf -y install epel-release"
distrobox create --clone fedora-35 --name fedora-35-copy
distrobox create --image alpine my-alpine-container
distrobox create --image registry.fedoraproject.org/fedora-toolbox:35 --name fedora-toolbox-35
distrobox create --pull --image centos:stream9 --home ~/distrobox/centos9
You can also use environment variables to specify container name, image and
container manager:
DBX_CONTAINER_MANAGER="docker" DBX_NON_INTERACTIVE=1 DBX_CONTAINER_NAME=test-alpine DBX_CONTAINER_IMAGE=alpine distrobox-create
Supported environment variables:
DBX_CONTAINER_ALWAYS_PULL
DBX_CONTAINER_CUSTOM_HOME
DBX_CONTAINER_HOME_PREFIX
DBX_CONTAINER_IMAGE
DBX_CONTAINER_MANAGER
DBX_CONTAINER_NAME
DBX_NON_INTERACTIVE
DBX_SUDO_PROGRAM
DBX_CONTAINER_HOME_PREFIX defines where containers’ home directories will
be located. If you define it as ~/dbx then all future containers’ home
directories will be ~/dbx/$container_name
The --additional-flags or -a is useful to modify defaults in the container
creations. For example:
distrobox create -i docker.io/library/archlinux -n dev-arch
podman container inspect dev-arch | jq '.[0].HostConfig.PidsLimit'
2048
distrobox rm -f dev-arch
distrobox create -i docker.io/library/archlinux -n dev-arch --volume $CBL_TC:/tc --additional-flags "--pids-limit -1"
podman container inspect dev-arch | jq '.[0].HostConfig,.PidsLimit'
0
Additional volumes can be specified using the --volume flag. This flag
follows the same standard as docker and podman to specify the mount point
so --volume SOURCE_PATH:DEST_PATH:MODE.
distrobox create --image docker.io/library/archlinux --name dev-arch --volume /usr/share/:/var/test:ro
During container creation, it is possible to specify (using the
additional-flags) some environment variables that will persist in the
container and be independent from your environment:
distrobox create --image fedora:35 --name test --additional-flags "--env MY_VAR-value"
The --init-hooks is useful to add commands to the entrypoint (init) of the
container. This could be useful to create containers with a set of
programs already installed, add users, groups.
distrobox create --image fedora:35 --name test --init-hooks "dnf groupinstall -y \"C Development Tools and Libraries\""
The --init is useful to create a container that will use its own separate
init system within. For example using:
distrobox create -i docker.io/almalinux/8-init --init-hooks "dnf install -y openssh-server" --init --name test
Inside the container we will be able to use normal systemd units:
~$ distrobox enter test
user@test:~$ sudo systemctl enable --now sshd
user@test:~$ sudo systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-01-28 22:54:50 CET; 17s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 291 (sshd)
Note that enabling --init will disable host’s process integration. From
within the container you will not be able to see and manage host’s
processes. This is needed because /sbin/init must be pid 1.
The --home flag let’s you specify a custom HOME for the container. Note
that this will NOT prevent the mount of the host’s home directory, but will
ensure that configs and dotfiles will not litter it.
From version 1.4.0 of distrobox, when you create a new container, it will
also generate an entry in the applications list.
DISTROBOX-ENTER
NAME
distrobox enter
distrobox-enter
DESCRIPTION
distrobox-enter takes care of entering the container with the name
specified. Default command executed is your SHELL, but you can specify
different shells or entire commands to execute. If using it inside a
script, an application, or a service, you can specify the –headless mode to
disable tty and interactivity.
SYNOPSIS
distrobox enter
--name/-n: name for the distrobox default: my-distrobox
--/-e: end arguments execute the rest as command to execute at login default: bash -l
--no-tty/-T: do not instantiate a tty
--no-workdir/-nw: always start the container from container's home directory
--additional-flags/-a: additional flags to pass to the container manager command
--help/-h: show this message
--root/-r: launch podman/docker with root privileges. Note that if you need root this is the preferred
way over "sudo distrobox" (note: if using a program other than 'sudo' for root privileges is necessary,
specify it through the DBX_SUDO_PROGRAM env variable, or 'distrobox_sudo_program' config variable)
--dry-run/-d: only print the container manager command generated
--verbose/-v: show more verbosity
--version/-V: show version
EXAMPLES
distrobox-enter --name fedora-toolbox-35 -- bash -l
distrobox-enter my-alpine-container -- sh -l
distrobox-enter --additional-flags "--preserve-fds" --name test -- bash -l
distrobox-enter --additional-flags "--env MY_VAR=value" --name test -- bash -l
MY_VAR=value distrobox-enter --additional-flags "--preserve-fds" --name test -- bash -l
You can also use environment variables to specify container manager and
container name:
DBX_CONTAINER_MANAGER="docker" DBX_CONTAINER_NAME=test-alpine distrobox-enter
Supported environment variables:
DBX_CONTAINER_NAME
DBX_CONTAINER_MANAGER
DBX_SKIP_WORKDIR
DBX_SUDO_PROGRAM
This is used to enter the distrobox itself. Personally, I just create
multiple profiles in my gnome-terminal to have multiple distros accessible.
The --additional-flags or -a is useful to modify default command when
executing in the container. For example:
distrobox enter -n dev-arch --additional-flags "--env my_var=test" -- printenv &| grep my_var
my_var=test
This is possible also using normal env variables:
my_var=test distrobox enter -n dev-arch --additional-flags -- printenv &| grep my_var
my_var=test
If you’d like to enter a rootful container having distrobox use a program
other than ‘sudo’ to run podman/docker as root, such as ‘pkexec’ or ‘doas’,
you may specify it with the DBX_SUDO_PROGRAM environment variable. For
example, to use ‘doas’ to enter a rootful container:
DBX_SUDO_PROGRAM="doas" distrobox enter -n container --root
Additionally, in one of the config file paths that distrobox supports, such
as ~/.distroboxrc, you can also append the line
distrobox_sudo_program="doas" (for example) to always run distrobox
commands involving rootful containers using ‘doas’.
DISTROBOX-EPHEMERAL
NAME
distrobox ephemeral
distrobox-ephemeral
DESCRIPTION
distrobox-ephemeral creates a temporary distrobox that is automatically
destroyed when the command is terminated.
SYNOPSIS
distrobox ephemeral
--root/-r: launch podman/docker with root privileges. Note that if you need root this is the preferred
way over "sudo distrobox" (note: if using a program other than 'sudo' for root privileges is necessary,
specify it through the DBX_SUDO_PROGRAM env variable, or 'distrobox_sudo_program' config variable)
--verbose/-v: show more verbosity
--help/-h: show this message
--/-e: end arguments execute the rest as command to execute at login default: bash -l
--version/-V: show version
EXAMPLES
distrobox-ephemeral --image alpine:latest -- cat /etc/os-release
distrobox-ephemeral --root --verbose --image alpine:latest --volume /opt:/opt
You can also use flags from distrobox-create to customize the ephemeral
container to run.
Refer to
man distrobox-create
or
distrobox-create --help
Supported environment variables:
distrobox-ephemeral calls distrobox-create, SEE ALSO distrobox-create(1) for
a list of supported environment variables to use.
DISTROBOX-EXPORT
NAME
distrobox-export
DESCRIPTION
Application and service exporting
distrobox-export takes care of exporting an app a binary or a service from
the container to the host.
The exported app will be easily available in your normal launcher and it
will automatically be launched from the container it is exported from.
SYNOPSIS
distrobox-export
--app/-a: name of the application to export
--bin/-b: absolute path of the binary to export
--service/-s: name of the service to export
--delete/-d: delete exported application or service
--export-label/-el: label to add to exported application name.
Defaults to (on \$container_name)
--export-path/-ep: path where to export the binary
--extra-flags/-ef: extra flags to add to the command
--sudo/-S: specify if the exported item should be run as sudo
--help/-h: show this message
--verbose/-v: show more verbosity
--version/-V: show version
You may want to install graphical applications or user services in your
distrobox. Using distrobox-export from inside the container will let you
use them from the host itself.
EXAMPLES
distrobox-export --app mpv [--extra-flags "flags"] [--delete] [--sudo]
distrobox-export --service syncthing [--extra-flags "flags"] [--delete] [--sudo]
distrobox-export --bin /path/to/bin --export-path ~/.local/bin [--extra-flags "flags"] [--delete] [--sudo]
App export example
distrobox-export --app abiword
This tool will simply copy the original .desktop files along with needed
icons, add the prefix /usr/local/bin/distrobox-enter -n distrobox_name -e
... to the commands to run, and save them in your home to be used directly
from the host as a normal app.
Service export example
distrobox-export --service syncthing --extra-flags "--allow-newer-config"
distrobox-export --service nginx --sudo
For services, it will similarly export the systemd unit inside the
container to a systemctl --user service, prefixing the various ExecStart
ExecStartPre ExecStartPost ExecReload ExecStop ExecStopPost with the
distrobox-enter command prefix.
The exported services will be available in the host’s user’s systemd
session, so
systemctl --user status exported_service_name
will show the status of the service exported.
Binary export example
distrobox-export --bin /usr/bin/code --extra-flags "--foreground" --export-path $HOME/.local/bin
In the case of exporting binaries, you will have to specify where to export
it (--export-path) and the tool will create a little wrapper script that
will distrobox-enter -e from the host, the desired binary. This can be
handy with the use of direnv to have different versions of the same binary
based on your env or project.
The exported binaries will be exported in the “–export-path” of choice as a
wrapper script that acts naturally both on the host and in the container.
Note that “–export-path” is NOT OPTIONAL, you have to explicitly set it.
Additional flags
You can specify additional flags to add to the command, for example if you
want to export an electron app, you could add the “–foreground” flag to the
command:
distrobox-export --app atom --extra-flags "--foreground"
distrobox-export --bin /usr/bin/vim --export-path ~/.local/bin --extra-flags "-p"
distrobox-export --service syncthing --extra-flags "-allow-newer-config"
This works for services, binaries, and apps. Extra flags are only used
then the exported app, binary, or service is used from the host, using them
inside the container will not include them.
Unexport
The option “–delete” will un-export an app, binary, or service.
distrobox-export --app atom --delete
distrobox-export --bin /usr/bin/vim --export-path ~/.local/bin --delete
distrobox-export --service syncthing --delete
distrobox-export --service nginx --delete
Run as root in the container
The option “–sudo” will launch the exported item as root inside the
distrobox.
Exporting apps from rootful containers
It is worth noting that, when exporting any item - which includes graphical
apps - from rootful containers (created with distrobox create --root), root
privileges will be needed every time the item is launched (in order to
enter the rootful container), which, by default, is done using sudo (see
docs for distrobox-enter on how to customize that). However, for graphical
apps in specific, since they launch without a terminal, the usage of sudo
might, at first, make it impossible to launch them.
To fix this without needing to customize the sudo program, one can define a
global SUDO_ASKPASS environment variable on their machine, which is a PATH
to an executable that is run by sudo when no terminal is available (or when
it is given the --askpass or -A option), and the output of that executable
to stdout is used as the password input. The executable is called as many
times is needed for authentication as root to succeed (unless a limit of
amount of attempts is reached).
To do this, pick a program to ask the user for graphical password input.
In this example, we will use zenity --password, which should be present for
GNOME users (and can also be installed in other DEs) - there are other
options, such as kdialog --password "Message" for KDE users.
Write the call to the desired program to a script file, for example to
/usr/bin/my-password-prompt (sample contents below):
#!/bin/sh
zenity --password "Authentication as root is required"
(You may save the script under, for example, ~/.local/bin if you want to
keep it fully local to your user.)
Afterwards, make it executable (e.g. run sudo chmod +x
/usr/bin/my-password-prompt). Then, make sure to set SUDO_ASKPASS to
"/usr/bin/my-password-prompt" (replace with your script’s path) in a global
profile file, so that it is picked up by sudo when running graphical apps
(and, therefore, sudo will run the script you created to ask for a
password). This is done with the shell line export
SUDO_ASKPASS="/path/to/script/goes/here". You can do this for your user
only by running the command below (replace the script path as needed):
echo 'export SUDO_ASKPASS="/usr/bin/my-password-prompt"' >> ~/.profile
Which appends the appropriate line to the end of your ~/.profile file, thus
making the change local to your user. Alternatively, to set it system-wide
(for all users), you may create a file in /etc/profile.d/ (or equivalent
for your system) with that line.
Now just log out and log back in, and graphical apps exported from rootful
containers should now be properly asking for root’s password before
launching (instead of not opening, if that was the case before).
Notes
Note you can use –app OR –bin OR –service but not together.
distrobox-export --service nginx --sudo
[IMAGE: app-export
(https://user-images.githubusercontent.com/598882/144294795-c7785620-bf68-4d1b-b251-1e1f0a32a08d.png)]
[IMAGE: service-export
(https://user-images.githubusercontent.com/598882/144294314-29a8921f-4511-453d-bf8e-d0d1e336db91.png)]
NOTE: some electron apps such as vscode and atom need additional flags to
work from inside the container, use the --extra-flags option to provide a
series of flags, for example:
distrobox-export --app atom --extra-flags "--foreground"
DISTROBOX-GENERATE-ENTRY
NAME
distrobox generate-entry
DESCRIPTION
distrobox-generate-entry will create a desktop icon for one of the
available distroboxes. This will be then deleted when you remove the
matching distrobox.
SYNOPSIS
distrobox generate-entry
--help/-h: show this message
--all/-a: perform for all distroboxes
--delete/-d: delete the entry
--icon/-i: specify a custom icon [/path/to/icon] (default auto)
--verbose/-v: show more verbosity
--version/-V: show version
EXAMPLES
distrobox-generate-entry container-name [--delete] [--icon [auto,/path/to/icon]]
DISTROBOX-HOST-EXEC
NAME
distrobox-host-exec
DESCRIPTION
distrobox-host-exec lets one execute command on the host, while inside of a
container.
Under the hood, distrobox-host-exec uses host-spawn a project that let’s us
execute commands back on the host. If the tool is not found the user will
be prompted to install it.
SYNOPSIS
Just pass to “distrobox-host-exec” any command and all its arguments, if
any.
distrobox-host-exec [command [arguments]]
--help/-h: show this message
--verbose/-v: show more verbosity
--version/-V: show version
If no command is provided, it will execute “$SHELL”.
Alternatively, use symlinks to make distrobox-host-exec execute as that
command:
~$: ln -s /usr/bin/distrobox-host-exec /usr/local/bin/podman
~$: ls -l /usr/local/bin/podman
lrwxrwxrwx. 1 root root 51 Jul 11 19:26 /usr/local/bin/podman -> /usr/bin/distrobox-host-exec
~$: podman version
...this is executed on host...
EXAMPLES
distrobox-host-exec ls
distrobox-host-exec bash -l
distrobox-host-exec flatpak run org.mozilla.firefox
distrobox-host-exec podman ps -a
DISTROBOX-INIT
NAME
distrobox-init
DESCRIPTION
Init the distrobox (not to be launched manually)
distrobox-init is the entrypoint of a created distrobox. Note that this
HAS to run from inside a distrobox, will not work if you run it from your
host.
This is not intended to be used manually, but instead used by
distrobox-create to set up the container’s entrypoint.
distrobox-init will take care of installing missing dependencies (eg.
sudo), set up the user and groups, mount directories from the host to
ensure the tight integration.
SYNOPSIS
distrobox-init
--name/-n: user name
--user/-u: uid of the user
--group/-g: gid of the user
--home/-d: path/to/home of the user
--help/-h: show this message
--init/-I: whether to use or not init
--pre-init-hooks: commands to execute prior to init
--upgrade/-U: run init in upgrade mode
--verbose/-v: show more verbosity
--version/-V: show version
--: end arguments execute the rest as command to execute during init
EXAMPLES
distrobox-init --name test-user --user 1000 --group 1000 --home /home/test-user
distrobox-init --upgrade
DISTROBOX-LIST
NAME
distrobox list
distrobox-list
DESCRIPTION
distrobox-list lists available distroboxes. It detects them and lists them
separately from the rest of normal podman or docker containers.
SYNOPSIS
distrobox list
--help/-h: show this message
--no-color: disable color formatting
--root/-r: launch podman/docker with root privileges. Note that if you need root this is the preferred
way over "sudo distrobox" (note: if using a program other than 'sudo' for root privileges is necessary,
specify it through the DBX_SUDO_PROGRAM env variable, or 'distrobox_sudo_program' config variable)
--size/-s: show also container size
--verbose/-v: show more verbosity
--version/-V: show version
EXAMPLES
distrobox-list
You can also use environment variables to specify container manager
DBX_CONTAINER_MANAGER="docker" distrobox-list
Supported environment variables:
DBX_CONTAINER_MANAGER
DBX_SUDO_PROGRAM
[IMAGE: image
(https://user-images.githubusercontent.com/598882/147831082-24b5bc2e-b47e-49ac-9b1a-a209478c9705.png)]
DISTROBOX-RM
NAME
distrobox rm
distrobox-rm
DESCRIPTION
distrobox-rm delete one of the available distroboxes.
SYNOPSIS
distrobox rm
--name/-n: name for the distrobox
--force/-f: force deletion
--rm-home: remove the mounted home if it differs from the host user's one
--root/-r: launch podman/docker with root privileges. Note that if you need root this is the preferred
way over "sudo distrobox" (note: if using a program other than 'sudo' for root privileges is necessary,
specify it through the DBX_SUDO_PROGRAM env variable, or 'distrobox_sudo_program' config variable)
--help/-h: show this message
--verbose/-v: show more verbosity
--version/-V: show version
EXAMPLES
distrobox-rm --name container-name [--force]
distrobox-rm container-name [-f]
You can also use environment variables to specify container manager and
name:
DBX_CONTAINER_MANAGER="docker" DBX_CONTAINER_NAME=test-alpine distrobox-rm
Supported environment variables:
DBX_CONTAINER_MANAGER
DBX_CONTAINER_NAME
DBX_NON_INTERACTIVE
DBX_SUDO_PROGRAM
DISTROBOX-STOP
NAME
distrobox stop
distrobox-stop
DESCRIPTION
distrobox-stop stop a running distrobox.
Distroboxes are left running, even after exiting out of them, so that
subsequent enters are really quick. This is how they can be stopped.
SYNOPSIS
distrobox stop
--name/-n: name for the distrobox
--yes/-Y: non-interactive, stop without asking
--help/-h: show this message
--root/-r: launch podman/docker with root privileges. Note that if you need root this is the preferred
way over "sudo distrobox" (note: if using a program other than 'sudo' for root privileges is necessary,
specify it through the DBX_SUDO_PROGRAM env variable, or 'distrobox_sudo_program' config variable)
--verbose/-v: show more verbosity
--version/-V: show version
EXAMPLES
distrobox-stop --name container-name
distrobox-stop container-name
You can also use environment variables to specify container manager and
name:
DBX_CONTAINER_MANAGER="docker" DBX_CONTAINER_NAME=test-alpine distrobox-stop
Supported environment variables:
DBX_CONTAINER_MANAGER
DBX_CONTAINER_NAME
DBX_NON_INTERACTIVE
DBX_SUDO_PROGRAM
DISTROBOX-UPGRADE
NAME
distrobox-upgrade
DESCRIPTION
distrobox-upgrade will enter the specified list of containers and will
perform an upgrade using the container’s package manager.
SYNOPSIS
distrobox upgrade
--help/-h: show this message
--all/-a: perform for all distroboxes
--verbose/-v: show more verbosity
--version/-V: show version
EXAMPLES
distrobox-upgrade --all
distrobox-upgrade alpine-linux ubuntu22 my-distrobox123
distrobox upgrade CONTAINER_NAME [CONTAINER_NAME1 CONTAINER_NAME2 ...]