Image source: LINO - 崩壊3rd Traditional Chinese edition 6th anniversary, 108386100
Toolbox can be seen as a wrapper for Podman that aims to integrate containers seamlessly with the host operating system (Host OS). Distrobox is a similar tool. By sacrificing some container security features (such as port control, resource control, and file isolation), both tools achieve the following:
- User passthrough: Using the same user and home directory inside the container as the current Host user;
- Device passthrough: Directly accessing the Host’s `/dev`, `/media`, etc.;
- Network passthrough: Directly using the Host network, providing a network experience identical to the host;
- Service passthrough: By directly utilizing the host’s
/run/user/<uid>
and /tmp
directories along with critical service sockets, it enables access to the host’s display services (X11/Wayland), network services (Avahi), D-Bus, and systemd journal from within the container.
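As an added example (not code from the original post or from the Toolbox project), this Python script checks a container's `podman inspect` JSON for the four passthroughs listed above. The sample JSON is constructed, and the names `audit_passthrough` and `covers`, the home path `/home/alice` and UID `1000` are assumptions made for illustration.

```python
import json
import posixpath

# Constructed sample shaped like one entry of `podman inspect` output;
# values are illustrative, not captured from a real Toolbox container.
SAMPLE = json.loads("""{
  "HostConfig": {"NetworkMode": "host"},
  "Mounts": [
    {"Type": "bind", "Source": "/dev", "Destination": "/dev", "RW": true},
    {"Type": "bind", "Source": "/media", "Destination": "/media", "RW": true},
    {"Type": "bind", "Source": "/home/alice", "Destination": "/home/alice", "RW": true},
    {"Type": "bind", "Source": "/run/user/1000", "Destination": "/run/user/1000", "RW": true},
    {"Type": "bind", "Source": "/tmp", "Destination": "/tmp", "RW": true},
    {"Type": "bind", "Source": "/devices", "Destination": "/devices", "RW": false}
  ]
}""")


def covers(source, target):
    """True if a bind-mount source exposes target (same path or an ancestor)."""
    source, target = posixpath.normpath(source), posixpath.normpath(target)
    return target == source or target.startswith(source.rstrip("/") + "/")


def audit_passthrough(inspect, home, uid):
    """Group host exposure by the four passthrough categories listed above."""
    sensitive = {
        "user": [home],
        "device": ["/dev", "/media"],
        "service": [f"/run/user/{uid}", "/tmp"],
    }
    findings = {"user": [], "device": [], "network": [], "service": []}
    for mount in inspect.get("Mounts", []):
        if mount.get("Type") != "bind":
            continue  # named volumes and tmpfs do not expose host paths
        mode = "rw" if mount.get("RW") else "ro"
        for category, paths in sensitive.items():
            for path in paths:
                if covers(mount["Source"], path):
                    findings[category].append(f"{path} via {mount['Source']} ({mode})")
    if inspect.get("HostConfig", {}).get("NetworkMode") == "host":
        findings["network"].append("shares the host network namespace")
    return findings


if __name__ == "__main__":
    for category, items in audit_passthrough(SAMPLE, "/home/alice", 1000).items():
        print(f"{category}: {items or 'isolated'}")
```

An ancestor mount such as `/run` or `/` is reported as exposing the paths beneath it, while a sibling path such as `/devices` is not mistaken for `/dev`.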
Therefore, Toolbox can be used to:
- Serve as one of the software installation methods for immutable systems. For example, Fedora Silverblue and Fedora CoreOS come pre-installed with Toolbox, while other immutable systems may have Distrobox pre-installed;
- Utilize images from other distributions to seamlessly run programs designed for other distributions within the current one. For instance, running a GUI program that only provides Ubuntu deb packages on Fedora;
- Create a pseudo-root environment when lacking root privileges on the Host. For example, even non-privileged Toolbox containers can use `sudo dnf install` to install software;
  - The image must have the `sudo` package pre-installed, support the `sudo` and `wheel` groups to obtain root privileges, and enable the `NOPASSWD` option;
- Use different versions of images to achieve “running old programs on new systems” or “running new programs on old systems”, or to conduct compatibility testing for programs;
- Customize the image to set up development environments quickly and consistently;