build, pkg/nvidia: Bump NVIDIA Container Toolkit to 1.17.5

NVIDIA Container Toolkit 1.17.5 requires Go >= 1.22 [1], and starts using enable-cuda-compat hooks in the Container Device Interface specification generated by it [2]. For example: "hookName": "createContainer", "path": "/usr/bin/nvidia-cdi-hook", "args": [ "nvidia-cdi-hook", "enable-cuda-compat", "--host-driver-version=570.153.02" ] The new hook makes it possible to have containers with a /usr/local/cuda/compat/libcuda.so.* that's newer than the proprietary NVIDIA driver on the host operating system, so that applications can use a newer CUDA without having to update the driver [3]. Even though this sounds useful, the hook has been disabled until it's handled by the 'init-container' command and there's a clear way to test it. The src/go.sum file was updated with 'go mod tidy'. [1] NVIDIA Container Toolkit commit 5bdf14b1e7c24763 https://github.com/NVIDIA/nvidia-container-toolkit/commit/5bdf14b1e7c24763 https://github.com/NVIDIA/nvidia-container-toolkit/pull/941 https://github.com/NVIDIA/nvidia-container-toolkit/pull/950 [2] NVIDIA Container Toolkit commit 76040ff2ad63fb82 https://github.com/NVIDIA/nvidia-container-toolkit/commit/76040ff2ad63fb82 https://github.com/NVIDIA/nvidia-container-toolkit/pull/906 https://github.com/NVIDIA/nvidia-container-toolkit/pull/948 [3] https://docs.nvidia.com/deploy/cuda-compatibility/ https://github.com/containers/toolbox/pull/1662
build: Bump tags.cncf.io/container-device-interface to 0.8.1
2025-06-11 21:30:11 +02:00 · 2025-06-11 15:22:06 +02:00 · 2025-06-03 22:08:50 +02:00 · 2025-06-03 22:07:00 +02:00 · 2025-06-02 22:34:17 +02:00 · 2025-06-02 22:33:30 +02:00
267 changed files with 24912 additions and 7102 deletions
--- a/.codespellexcludefile
+++ b/.codespellexcludefile
@ -0,0 +1,16 @@
+    usr_mount_destination_flags="ro"
+        toolbox_profile_bind="--volume /etc/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
+        toolbox_profile_bind="--volume /usr/share/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
+            if echo "$usr_mount_source_flags" | grep --invert-match "ro" >/dev/null 2>&3; then
+            --volume "$TOOLBOX_PATH":/usr/bin/toolbox:ro \
+            if ! mount_bind /run/host/etc/machine-id /etc/machine-id ro; then
+            if ! mount_bind /run/host/var/lib/flatpak /var/lib/flatpak ro; then
+            if ! mount_bind /run/host/var/log/journal /var/log/journal ro; then
+		if strings.Contains(command.Name(), "complet") {
+	toolboxPathMountArg := toolboxPath + ":/usr/bin/toolbox:ro"
+			toolboxShMountArg := mount.source + ":" + mount.containerPath + ":ro"
+		{"/etc/machine-id", "/run/host/etc/machine-id", "ro"},
+		{"/var/lib/flatpak", "/run/host/var/lib/flatpak", "ro"},
+		{"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", "ro"},
+		{"/var/log/journal", "/run/host/var/log/journal", "ro"},
+				"          \"ro\"," +
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1,11 @@
+*    @HarryMichal @debarshiray
+/.github/workflows/arch-images.yaml       @Foxboron
+/.github/workflows/arch-images-pr.yaml    @Foxboron
+/.github/workflows/ubuntu-images.yaml     @Jmennius
+/.github/workflows/ubuntu-tests.yaml      @Jmennius
+/data/gfx/*.gif    @jimmac
+/images/arch       @Foxboron
+/images/rhel       @debarshiray @olivergs
+/images/ubuntu     @Jmennius
+/src/pkg/utils/arch.go                    @Foxboron
+/src/pkg/utils/ubuntu.go                  @Jmennius
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@ -1,8 +1,8 @@
 ---
 name: Bug report
-about: Toolbox's bug report template
+about: Toolbx's bug report template
 title: ''
-labels: bug
+labels: 1. Bug
 assignees: ''

 ---
@ -28,7 +28,7 @@ If applicable, add screenshots to help explain your problem.
 **Output of `toolbox --version` (v0.0.90+)**
 e.g., `toolbox version 0.0.90`

-**Toolbox package info (`rpm -q toolbox`)**
+**Toolbx package info (`rpm -q toolbox`)**
 e.g., `toolbox-0.0.18-2.fc32.noarch`

 **Output of `podman version`**
@ -49,4 +49,6 @@ e.g., Fedora Silverblue 32
 **Additional context**
 Add any other context about the problem here.
 When did the issue start occurring? After an update (what packages were updated)?
-If the issue is about operating with containers/images (creating, using, deleting,..), share here what image you used. If you're unsure, share here the output of `toolbox list -i` (shows all toolbox images on your system).
+If the issue is about operating with containers/images (creating, using, deleting,..), share here what image you used. If you're unsure, share here the output of `toolbox list -i` (shows all Toolbx images on your system).
+
+If you see an error message saying: `Error: invalid entry point PID of container <name-of-container>`, add to the ticket output of command `podman start --attach <name-of-container>`.
--- a/.github/ISSUE_TEMPLATE/feature-request.md
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@ -1,8 +1,8 @@
 ---
 name: Feature request
-about: Toolbox's feature request template
+about: Toolbx's feature request template
 title: ''
-labels: feature request
+labels: 1. Feature request
 assignees: ''

 ---
--- a/.github/workflows/arch-images.yaml
+++ b/.github/workflows/arch-images.yaml
@ -0,0 +1,64 @@
+name: "Arch Linux: Build and push arch-toolbox image"
+
+permissions: read-all
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - images/arch/**
+      - .github/workflows/arch-images.yaml
+  push:
+    branches:
+      - main
+    paths:
+      - images/arch/**
+      - .github/workflows/arch-images.yaml
+  schedule:
+    - cron: '0 0 * * MON'
+
+env:
+  distro: 'arch'
+  platforms: 'linux/amd64'
+  registry: 'quay.io/toolbx'
+  username: 'toolbx+github'
+
+# Prevent multiple workflow runs from racing to ensure that pushes are made
+# sequentially for the main branch. Also cancel in progress workflow runs for
+# pull requests only.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  build-push-images:
+    name: Build and push the arch-toolbox image
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build container image (latest tag)
+        uses: redhat-actions/buildah-build@v2
+        if: env.latest_release == matrix.release
+        with:
+          platforms: ${{ env.platforms }}
+          context: images/${{ env.distro }}
+          image: ${{ env.distro }}-toolbox
+          tags: latest
+          containerfiles: images/${{ env.distro }}/Containerfile
+          layers: false
+          oci: true
+
+      - name: Push to Container Registry (latest tag)
+        uses: redhat-actions/push-to-registry@v2
+        id: push-latest
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+        with:
+          username: ${{ env.username }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+          image: ${{ env.distro }}-toolbox
+          registry: ${{ env.registry }}
+          tags: latest
--- a/.github/workflows/ubuntu-images.yaml
+++ b/.github/workflows/ubuntu-images.yaml
@ -0,0 +1,97 @@
+name: "Ubuntu: Build and push ubuntu-toolbox images"
+
+permissions: read-all
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - images/ubuntu/**
+      - .github/workflows/ubuntu-images.yaml
+  push:
+    branches:
+      - main
+    paths:
+      - images/ubuntu/**
+      - .github/workflows/ubuntu-images.yaml
+  schedule:
+    - cron: '0 0 * * MON'
+
+env:
+  distro: 'ubuntu'
+  latest_release: '24.04'
+  platforms: 'linux/amd64, linux/arm64'
+  registry: 'quay.io/toolbx'
+  username: 'toolbx+github'
+
+# Prevent multiple workflow runs from racing to ensure that pushes are made
+# sequentially for the main branch. Also cancel in progress workflow runs for
+# pull requests only.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  build-push-images:
+    strategy:
+      matrix:
+        release: ['18.04', '20.04', '22.04', '24.04', '24.10', '25.04']
+      fail-fast: false
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU for multi-arch builds
+        shell: bash
+        run: |
+          sudo apt update
+          sudo apt install qemu-user-static
+
+      - name: Build container image
+        uses: redhat-actions/buildah-build@v2
+        if: env.latest_release != matrix.release
+        with:
+          platforms: ${{ env.platforms }}
+          context: images/${{ env.distro }}/${{ matrix.release }}
+          image: ${{ env.distro }}-toolbox
+          tags: ${{ matrix.release }}
+          containerfiles: images/${{ env.distro }}/${{ matrix.release }}/Containerfile
+          layers: false
+          oci: true
+
+      - name: Build container image (latest tag)
+        uses: redhat-actions/buildah-build@v2
+        if: env.latest_release == matrix.release
+        with:
+          platforms: ${{ env.platforms }}
+          context: images/${{ env.distro }}/${{ matrix.release }}
+          image: ${{ env.distro }}-toolbox
+          tags: ${{ matrix.release }} latest
+          containerfiles: images/${{ env.distro }}/${{ matrix.release }}/Containerfile
+          layers: false
+          oci: true
+
+      - name: Push to Container Registry
+        uses: redhat-actions/push-to-registry@v2
+        id: push
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
+        with:
+          username: ${{ env.username }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+          image: ${{ env.distro }}-toolbox
+          registry: ${{ env.registry }}
+          tags: ${{ matrix.release }}
+
+      - name: Push to Container Registry (latest tag)
+        uses: redhat-actions/push-to-registry@v2
+        id: push-latest
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
+        with:
+          username: ${{ env.username }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+          image: ${{ env.distro }}-toolbox
+          registry: ${{ env.registry }}
+          tags: ${{ matrix.release }} latest
--- a/.github/workflows/ubuntu-tests.yaml
+++ b/.github/workflows/ubuntu-tests.yaml
@ -0,0 +1,173 @@
+#
+# Copyright © 2023 – 2025 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: ubuntu-tests
+
+on:
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  ubuntu-jammy-tests:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: containers/toolbox
+          submodules: true
+
+      - name: Install deb packages
+        run: |
+          sudo apt-get update
+          sudo apt-get install \
+            apache2-utils \
+            bash-completion \
+            codespell \
+            fish \
+            flatpak \
+            gcc \
+            go-md2man \
+            golang-1.21 \
+            meson \
+            ninja-build \
+            openssl \
+            podman \
+            shellcheck \
+            skopeo \
+            systemd \
+            udisks2
+
+      - name: Ensure that 'p11-kit server' is absent
+        run: sudo rm /usr/libexec/p11-kit/p11-kit-server
+
+      - name: Set up PATH for Go 1.21
+        run: |
+          echo "PATH=/usr/lib/go-1.21/bin:$PATH" >> "$GITHUB_ENV"
+
+      - name: Checkout Bats
+        uses: actions/checkout@v4
+        with:
+          path: bats-core/bats-core
+          ref: v1.10.0
+          repository: bats-core/bats-core.git
+          submodules: true
+
+      - name: Install deb packages for Bats
+        run: |
+          sudo apt-get update
+          sudo apt-get install \
+            bash \
+            parallel
+
+      - name: Install Bats
+        run: sudo ./install.sh /usr/local
+        working-directory: bats-core/bats-core
+
+      - name: Checkout shadow
+        uses: actions/checkout@v4
+        with:
+          path: shadow-maint/shadow
+          ref: 4.13
+          repository: shadow-maint/shadow.git
+          submodules: true
+
+      - name: Install deb packages for shadow
+        run: |
+          sudo apt-get update
+          sudo apt-get install \
+            autoconf \
+            autopoint \
+            gettext \
+            libaudit-dev \
+            libcrypt-dev \
+            libpam0g-dev \
+            libselinux1-dev \
+            libsemanage-dev
+
+      - name: Set up build directory for shadow
+        run: |
+          autoreconf --force --install --verbose
+          ./configure \
+            --disable-account-tools-setuid \
+            --disable-silent-rules \
+            --with-audit \
+            --with-libpam \
+            --with-selinux \
+            --with-yescrypt \
+            --without-acl \
+            --without-attr \
+            --without-su \
+            --without-tcb \
+            SHELL=/bin/sh
+        working-directory: shadow-maint/shadow
+
+      - name: Build shadow
+        run: make
+        working-directory: shadow-maint/shadow
+
+      - name: Install shadow
+        run: sudo make install
+        working-directory: shadow-maint/shadow
+
+      - name: Download Go modules
+        run: go mod download -x
+        working-directory: containers/toolbox/src
+
+      - name: Set up build directory
+        run: meson setup builddir
+        working-directory: containers/toolbox
+
+      - name: Build
+        run: meson compile -C builddir --verbose
+        working-directory: containers/toolbox
+
+      - name: Install
+        run: sudo meson install -C builddir
+        working-directory: containers/toolbox
+
+      - name: Unit tests
+        run: meson test -C builddir --verbose
+        working-directory: containers/toolbox
+
+      - name: System tests
+        run: |
+          bats --timing \
+            test/system/001-version.bats \
+            test/system/002-help.bats \
+            test/system/101-create.bats \
+            test/system/102-list.bats \
+            test/system/103-container.bats \
+            test/system/105-enter.bats \
+            test/system/106-rm.bats \
+            test/system/107-rmi.bats \
+            test/system/108-completion.bats \
+            test/system/201-ipc.bats \
+            test/system/203-network.bats \
+            test/system/220-environment-variables.bats \
+            test/system/250-kerberos.bats \
+            test/system/270-rpm.bats \
+            test/system/501-create.bats \
+            test/system/505-enter.bats
+        env:
+          SHELL: /bin/bash
+          TMPDIR: /var/tmp
+          TOOLBX: /usr/local/bin/toolbox
+        working-directory: containers/toolbox
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,6 @@
+[submodule "test/system/libs/bats-support"]
+	path = test/system/libs/bats-support
+	url = https://github.com/bats-core/bats-support.git
+[submodule "test/system/libs/bats-assert"]
+	path = test/system/libs/bats-assert
+	url = https://github.com/bats-core/bats-assert.git
--- a/.mailmap
+++ b/.mailmap
@ -0,0 +1,2 @@
+<rishi@fedoraproject.org> <debarshir@gnome.org>
+Ondřej Míchal <harrymichal@seznam.cz>
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -1,75 +1,189 @@
+#
+# Copyright © 2020 – 2024 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 ---
 - job:
-    name: shellcheck
-    description: Check validity of shell scripts with shellcheck
-    timeout: 300
+    name: unit-test
+    description: Run Toolbx's unit tests declared in Meson
+    timeout: 1800
    nodeset:
      nodes:
-        - name: ci-node-32
-          label: cloud-fedora-32-small
-    run: playbooks/shellcheck.yaml
+        - name: fedora-rawhide
+          label: cloud-fedora-rawhide
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/unit-test.yaml

 - job:
-    name: system-test-fedora-31
-    description: Run Toolbox's system tests in Fedora 31
-    timeout: 1200
+    name: unit-test-migration-path-for-coreos-toolbox
+    description: Run Toolbx's unit tests declared in Meson when built with -Dmigration_path_for_coreos_toolbox
+    timeout: 600
    nodeset:
      nodes:
-        - name: ci-node-31
-          label: cloud-fedora-31-small
-    pre-run: playbooks/fedora-31/setup-env.yaml
-    run: playbooks/fedora-31/system-test-fedora-31.yaml
+        - name: centos-9-stream
+          label: cloud-centos-9-stream
+    pre-run: playbooks/setup-env-migration-path-for-coreos-toolbox.yaml
+    run: playbooks/unit-test.yaml

 - job:
-    name: system-test-fedora-32
-    description: Run Toolbox's system tests in Fedora 32
-    timeout: 1200
+    name: unit-test-restricted
+    description: Run Toolbx's unit tests declared in Meson in a restricted build environment
+    timeout: 1800
    nodeset:
      nodes:
-        - name: ci-node-32
-          label: cloud-fedora-32-small
-    pre-run: playbooks/fedora-32/setup-env.yaml
-    run: playbooks/fedora-32/system-test-fedora-32.yaml
+        - name: fedora-rawhide
+          label: cloud-fedora-rawhide
+    pre-run: playbooks/setup-env-restricted.yaml
+    run: playbooks/unit-test.yaml

 - job:
-    name: system-test-fedora-33
-    description: Run Toolbox's system tests in Fedora 33
-    timeout: 1200
+    name: system-test-fedora-rawhide-commands-options
+    description: Run Toolbx's commands-options system tests in Fedora Rawhide
+    timeout: 7200
    nodeset:
      nodes:
-        - name: ci-node-33
-          label: cloud-fedora-33-small
-    pre-run: playbooks/fedora-33/setup-env.yaml
-    run: playbooks/fedora-33/system-test-fedora-33.yaml
+        - name: fedora-rawhide
+          label: cloud-fedora-rawhide
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-commands-options.yaml

 - job:
-    name: system-test-fedora-rawhide
-    description: Run Toolbox's system tests in Fedora Rawhide
-    timeout: 1200
+    name: system-test-fedora-rawhide-runtime-environment-arch-fedora
+    description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora Rawhide
+    timeout: 7200
    nodeset:
      nodes:
-        - name: ci-node-rawhide
-          label: cloud-fedora-rawhide-small
-    pre-run: playbooks/fedora-rawhide/setup-env.yaml
-    run: playbooks/fedora-rawhide/system-test-fedora-rawhide.yaml
+        - name: fedora-rawhide
+          label: cloud-fedora-rawhide
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-runtime-environment-arch-fedora.yaml
+
+- job:
+    name: system-test-fedora-rawhide-runtime-environment-ubuntu
+    description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora Rawhide
+    timeout: 7200
+    nodeset:
+      nodes:
+        - name: fedora-rawhide
+          label: cloud-fedora-rawhide
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-runtime-environment-ubuntu.yaml
+
+- job:
+    name: system-test-fedora-42-commands-options
+    description: Run Toolbx's commands-options system tests in Fedora 42
+    timeout: 6300
+    nodeset:
+      nodes:
+        - name: fedora-42
+          label: cloud-fedora-42
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-commands-options.yaml
+
+- job:
+    name: system-test-fedora-42-runtime-environment-arch-fedora
+    description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora 42
+    timeout: 6300
+    nodeset:
+      nodes:
+        - name: fedora-42
+          label: cloud-fedora-42
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-runtime-environment-arch-fedora.yaml
+
+- job:
+    name: system-test-fedora-42-runtime-environment-ubuntu
+    description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora 42
+    timeout: 6300
+    nodeset:
+      nodes:
+        - name: fedora-42
+          label: cloud-fedora-42
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-runtime-environment-ubuntu.yaml
+
+- job:
+    name: system-test-fedora-41-commands-options
+    description: Run Toolbx's commands-options system tests in Fedora 41
+    timeout: 6300
+    nodeset:
+      nodes:
+        - name: fedora-41
+          label: cloud-fedora-41
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-commands-options.yaml
+
+- job:
+    name: system-test-fedora-41-runtime-environment-arch-fedora
+    description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora 41
+    timeout: 6300
+    nodeset:
+      nodes:
+        - name: fedora-41
+          label: cloud-fedora-41
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-runtime-environment-arch-fedora.yaml
+
+- job:
+    name: system-test-fedora-41-runtime-environment-ubuntu
+    description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora 41
+    timeout: 6300
+    nodeset:
+      nodes:
+        - name: fedora-41
+          label: cloud-fedora-41
+    pre-run: playbooks/setup-env.yaml
+    run: playbooks/system-test-runtime-environment-ubuntu.yaml

 - project:
    periodic:
      jobs:
-        - system-test-fedora-31
-        - system-test-fedora-32
-        - system-test-fedora-33
-        - system-test-fedora-rawhide
+        - system-test-fedora-rawhide-commands-options
+        - system-test-fedora-rawhide-runtime-environment-arch-fedora
+        - system-test-fedora-rawhide-runtime-environment-ubuntu
+        - system-test-fedora-42-commands-options
+        - system-test-fedora-42-runtime-environment-arch-fedora
+        - system-test-fedora-42-runtime-environment-ubuntu
+        - system-test-fedora-41-commands-options
+        - system-test-fedora-41-runtime-environment-arch-fedora
+        - system-test-fedora-41-runtime-environment-ubuntu
    check:
      jobs:
-        - shellcheck
-        - system-test-fedora-31
-        - system-test-fedora-32
-        - system-test-fedora-33
-        - system-test-fedora-rawhide
+        - unit-test
+        - unit-test-migration-path-for-coreos-toolbox
+        - unit-test-restricted
+        - system-test-fedora-rawhide-commands-options
+        - system-test-fedora-rawhide-runtime-environment-arch-fedora
+        - system-test-fedora-rawhide-runtime-environment-ubuntu
+        - system-test-fedora-42-commands-options
+        - system-test-fedora-42-runtime-environment-arch-fedora
+        - system-test-fedora-42-runtime-environment-ubuntu
+        - system-test-fedora-41-commands-options
+        - system-test-fedora-41-runtime-environment-arch-fedora
+        - system-test-fedora-41-runtime-environment-ubuntu
    gate:
      jobs:
-        - system-test-fedora-31
-        - system-test-fedora-32
-        - system-test-fedora-33
-        - system-test-fedora-rawhide
+        - unit-test
+        - unit-test-migration-path-for-coreos-toolbox
+        - unit-test-restricted
+        - system-test-fedora-rawhide-commands-options
+        - system-test-fedora-rawhide-runtime-environment-arch-fedora
+        - system-test-fedora-rawhide-runtime-environment-ubuntu
+        - system-test-fedora-42-commands-options
+        - system-test-fedora-42-runtime-environment-arch-fedora
+        - system-test-fedora-42-runtime-environment-ubuntu
+        - system-test-fedora-41-commands-options
+        - system-test-fedora-41-runtime-environment-arch-fedora
+        - system-test-fedora-41-runtime-environment-ubuntu
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@ -1,3 +1,3 @@
-## The Toolbox Project Community Code of Conduct
+## The Toolbx Project Community Code of Conduct

-The Toolbox project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/master/CODE-OF-CONDUCT.md).
+The Toolbx project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,44 +1,26 @@
-![Toolbox logo](data/logo/toolbox-logo-landscape.svg)
+![Contributing](data/gfx/CONTRIBUTING.gif)

-# Contributing to Toolbox
+# Contributing to Toolbx

-Thank you for wanting to contribute to Toolbox! We greatly appreciate your
+Thank you for wanting to contribute to Toolbx! We greatly appreciate your
 interest!

-# Table of contents
-
- [Contributing to Toolbox](#contributing-to-toolbox)
- [Table of contents](#table-of-contents)
- [Reporting Bugs](#reporting-bugs)
-  - [Before Submiting a Bug Report](#before-submiting-a-bug-report)
-  - [Writing a Bug Report](#writing-a-bug-report)
- [Making Suggestions](#making-suggestions)
-  - [Before Submitting a Suggestion](#before-submitting-a-suggestion)
-  - [Writing a Suggestion](#writing-a-suggestion)
- [First Contribution](#first-contribution)
- [Pull Requests](#pull-requests)
-  - [Creating a Pull Request](#creating-a-pull-request)
-  - [After Creating a Pull Request](#after-creating-a-pull-request)
- [Little Style Guide](#little-style-guide)
-
 # Reporting Bugs

-## Before Submiting a Bug Report
+## Before Submitting a Bug Report

 - Check if your issue is already reported in our [bug tracker](https://github.com/containers/toolbox/issues)
  - If the issue is already reported and is marked as **OPEN**, comment on it
    and if possible and needed, share info about the issue just as if you were
-    submiting a new issue
-  - If the issue is marked as **CLOSED**, check if your version of Toolbox is
+    submitting a new issue
+  - If the issue is marked as **CLOSED**, check if your version of Toolbx is
    up-to-date or if there are some steps, described in the closed issue, that
    you should follow. If you are still experiencing the issue, please file a
    new issue
 - See our [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/)
  if there are some steps that could help you solve your issue
 - Sometimes a bug is not reported in our bug tracker but instead people ask for
-  help somewhere else: IRC ([Freenode](https://freenode.net) - #silverblue,
-  #containers, #fedora, #fedora-devel,..), [Fedora forum](https://discussion.fedoraproject.org/tag/toolbox),
-  or somewhere else. In such cases we'd like you to still report the bug and
+  help somewhere else (e.g., chat channels). In such cases we'd like you to still report the bug and
  share with us any info that could be gathered from those places

 ## Writing a Bug Report
@ -55,14 +37,14 @@ When writing a bug report:
  reproduce it.
 - **Describe the behavior you received and what you expected** - Sometimes it
  may not be clear what the *right* behavior should look like.
- **Provide info about the version of used software** - What version of Toolbox
+- **Provide info about the version of used software** - What version of Toolbx
  and Podman do you use?
 - **Provide info about your system** - What distribution do you use? Which
  desktop environment? Is it a VM or a real machine?

 # Making Suggestions

-Toolbox is not feature-complete and some of it's functionality is not-there-yet.
+Toolbx is not feature-complete and some of it's functionality is not-there-yet.
 We are thankful for all suggestions and ideas but be ready that your suggestion
 may be rejected.

@ -81,7 +63,7 @@ may be rejected.
 When writing a suggestion:

 - **Use a clear and descriptive title**
- **Describe the idea** - What parts of Toolbox does it affect? Is it a major
+- **Describe the idea** - What parts of Toolbx does it affect? Is it a major
  functionality or a minor tweak?
 - **Provide step-by-step description of the suggested behavior** so that we
  will understand.
@ -90,13 +72,13 @@ When writing a suggestion:

 # First Contribution

-Toolbox is written in [Go](https://golang.org) and uses [Meson](https://mesonbuild.com)
+Toolbx is written in [Go](https://golang.org) and uses [Meson](https://mesonbuild.com)
 as it's buildsystem.

-Instructions for building Toolbox from source are in our [README](https://github.com/containers/toolbox/blob/master/README.md).
+Instructions for building Toolbx from source are in our [README](https://github.com/containers/toolbox/blob/main/README.md).

 > You may not need to build the project from source if your contribution is not
-> related to the code of Toolbox itself (e.g., documentation, updating CI
+> related to the code of Toolbx itself (e.g., documentation, updating CI
 > config, playing with image definitions,...).

 Here are some ideas of what you could contribute with:
@ -106,18 +88,18 @@ Here are some ideas of what you could contribute with:
 - Write tests - Go has [tools](https://golang.org/pkg/testing/) for writing tests.
  There are also [some](https://github.com/stretchr/testify) [libraries](https://github.com/onsi/ginkgo)
  used for creating even more sophisticated tests.
- Play with custom images - Toolbox currently officially works with Fedora-based
+- Play with custom images - Toolbx currently officially works with Fedora-based
  images. Ultimately there should be a wide variety of supported distro images.
  You can help with testing other people's image definitions or creating your
  own. **Beware**, maintainers still don't have a clear idea of how the image
-  infrustructure should look like.
- Write documentation - Some functions in Toolbox's code don't have comments and
-  it's not very clear what they do. Toolbox has it's [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/)
+  infrastructure should look like.
+- Write documentation - Some functions in Toolbx's code don't have comments and
+  it's not very clear what they do. Toolbx has it's [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/)
  hosted by Fedora. It's not very large and could use some attention.
 - Hack on the code and share the result - Seriously! Sometimes random ideas are
  the best.

-Toolbox currently does not have an infrastructure for translations. You can help
+Toolbx currently does not have an infrastructure for translations. You can help
 us to set it up!

 # Pull Requests
@ -133,9 +115,10 @@ documentation, code comments and much more.
  code you're contributing to, consider opening another PR if you want to
  implement it yourself or file an issue so that somebody else can pick it up.
 - Update documentation to reflect your changes - Manual pages can be found in
-  directory `doc`. If your changes affect Toolbox's [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/),
+  directory `doc`. If your changes affect Toolbx's [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/),
  consider creating a PR there (but to save yourself time, you can do it
  after your changes are accepted), too.
+- After creating a PR add to the bottom of all your commits a link to the PR. This helps the future maintainers find discussions around the changes.

 ## After Creating a Pull Request

@ -145,20 +128,19 @@ your efforts! We really appreciate them! Sometimes we may be stuck in different
 parts of our lives.

 If it takes us a very long time to even respond to your Pull Request, you can
-try to @ping us, request a review or try to reach to us on IRC ([Freenode](https://freenode.net/);
-#silverblue, #containers, #fedora-devel,..) or [Fedora Forum](https://discussion.fedoraproject.org).
+try to @ping us at our communication channels (see section #Communication).

-Toolbox has a simple CI (Continuos Integration) setup for running system tests (
-can be found under directory `test/system`). Their goal is to check if your
-changes don't affect adversely Toolbox's functionality. Sometimes these tests
+## 
+Toolbx has a CI (Continuous Integration) setup for running tests. Their goal is to check if your
+changes don't affect adversely Toolbx's functionality. Sometimes these tests
 mail fail with a false-positive. If you are not sure about the outcome of the
-tests, reach out to the maintainers!
+tests, you can try to trigger a new test run by writing a comment with text `recheck` (really just that). If the issue persists, reach out to the maintainers!

-Toolbox's CI system is [Zuul](https://zuul-ci.org/) hosted at [softwarefactory](https://softwarefactory-project.io/).
+Toolbx's CI system is [Zuul](https://zuul-ci.org/) hosted at [softwarefactory](https://softwarefactory-project.io/). The CI is defined using [Ansible](https://www.ansible.com) playbooks. For more information on writing Zuul jobs see their [documentation](https://zuul-ci.org/docs/zuul/reference/user.html).

 # Little Style Guide

-Toolbox is written in [Go](https://golang.org) and uses its default set of tools
+Toolbx is written in [Go](https://golang.org) and uses its default set of tools
 including `gofmt` and `golint`.

 Here are some good materials to learn from about the way how to write nice and
@ -175,3 +157,8 @@ If you are using Visual Studio Code, there are [plugins](https://marketplace.vis
 that include all this functionality and throw a warning if you're doing
 something wrong.

+# Communication
+
+The Toolbx team hangs-out at a dedicated Matrix channel: [#toolbx:matrix.org](https://matrix.to/#/#toolbx:matrix.org).
+
+For Fedora-specific discussions you can visit their [wiki](https://docs.fedoraproject.org/en-US/project/join/) to learn about the means to contact the community.
--- a/GOALS.md
+++ b/GOALS.md
@ -0,0 +1,66 @@
+<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
+
+## Goals
+
+### High Level Goals
+
+- Provide a convenient command line interface to run containers using
+  [Podman](https://podman.io/)
+- Support for development, debugging and system management use cases
+- Support for multiple distros
+  - `toolbox` package in multiple distros
+  - `toolbox` containers for multiple distros
+
+### Non-goals
+
+- Supporting multiple container runtimes. Toolbx will use Podman exclusively
+- Adding significant features on top of Podman
+  - Significant feature requests should be driven into Podman upstream
+- To run containers that aren't tightly integrated with the host
+  - Extremely sandboxed containers quickly become specific to the user
+
+### Developer Use Cases
+
+- I’m a developer hacking on source code and building/testing code
+  - Most cases: user doesn't need root, rootless containers work fine
+  - Some cases: user needs root for testing
+- Desktop Development:
+  - Developers need things like D-Bus, display, etc. to be forwarded into the
+    Toolbx container
+- Headless Development:
+  - Toolbx works properly in headless environments (no display, etc)
+- Need development tools like GDB, strace, etc. to work
+
+### Debugging and System Management Use Cases
+
+- Inspecting host processes and the kernel
+  - Typically need root access
+  - Need bpftrace, strace on host processes to work
+    - Ideally even do things like helping get kernel-debuginfo data for the
+      host kernel
+- Managing system services
+  - `systemctl restart foo.service`
+  - journalctl
+- Managing updates to the host
+  - rpm-ostree
+  - dnf/yum (classic systems)
+
+### Specific environments
+
+- Fedora Silverblue
+  - Silverblue comes with a subset of packages and discourages host software
+    changes
+    - Users need a Toolbx container as a working environment
+    - Future: use Toolbx container by default when a user opens a shell
+- Fedora CoreOS
+  - Similar to Silverblue, but non-graphical and smaller package set
+- RHEL CoreOS
+  - Similar to Fedora CoreOS. Based on RHEL content and the underlying
+    operating system for OpenShift
+  - Need to [use default authfile on pull](https://github.com/coreos/toolbox/pull/58/commits/413f83f7240d3c31121b557bfd55e489fad24489)
+  - Need to ensure compatibility with the rhel7/support-tools container
+    - Currently not a Toolbx image, opportunity for collaboration
+  - Alignment with `oc debug node/` (OpenShift)
+    - `oc debug node` opens a shell on a kubernetes node
+    - Value in having a consistent environment for both Toolbx's debugging
+      mode and `oc debug node`
--- a/378
+++ b/378
@ -1,353 +1,71 @@
-Overview of changes in 0.0.99
-=============================
+0.1.2
+=====

-* Add a --distro option to 'create', 'enter' and 'run'
-* Prevent setting VTE-specific PROMPT_COMMAND without VTE
-* Remove the --candidate-registry option from Bash completion and the manual
-  for 'create'
-* Remove the deprecated reset command
-* Support RHEL hosts by creating containers based on UBI
-* Try to avoid 'latest' tags, when looking at RepoTags
-* Update the labels used for filtering toolbox containers images
-* Update the range of supported Fedora releases
+### Security fixes

+* Bumped the minimum github.com/briandowns/spinner version to 1.23.2 for
+  CVE-2022-29526 or GHSA-p782-xgp4-8hr8, and other bug fixes
+* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
+  1.17.4 for CVE-2024-0134 or GHSA-7jm9-xpwx-v999, CVE-2024-0135 or
+  GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA-vcfp-63cx-4h59, CVE-2024-0137 or
+  GHSA-frhw-w3wm-6cw4, and CVE-2025-23359 or GHSA-4hmh-pm5p-9j7j

-Overview of changes in 0.0.98.1
-===============================
+### Enhancements

-* Pass the USER environment variable to the container
-* Make /etc/profile.d/toolbox.sh compatible with Z shell again
-* Update the manual to mention that the --image and --release options of
-  'create' can't be used together
+* Added ubuntu-toolbox image definitions for Ubuntu 25.04
+* Gave access to the CA certificates from the host operating system — requires
+  new Toolbx images and 'p11-kit server' on the host.  Note that the UBI-based
+  images for RHEL haven't yet been updated, and this feature is currently
+  disabled for those containers.

+### Bug fixes

-Overview of changes in 0.0.98
-=============================
+* Optimized getting the runtime directory
+* Replaced links to the code repository with the website
+* Updated fallback release to 42 for non-fedora hosts

-* Add nss-mdns to the fedora-toolbox images
-* Correctly check validity of container name
-* Don't leak all the os-release fields into the shell
-* Don't rely on XDG_RUNTIME_DIR when running as root
-* Give access to Avahi to resolve the .local mDNS domain
-* Make coredumpctl(1) 'dump' and 'debug' work inside toolbox containers
-* Make options --image and --release for 'create' mutually exclusive
-* Notify the terminal about the real UID of 'toolbox enter'
-* Remove periods at the end of flag descriptions
-* Set XDG_RUNTIME_DIR when creating the toolbox container
-* Unbreak 'enter' on hosts without a /etc/localtime
-* Unbreak the system tests on Fedora 33
-* Use the host's user namespace when running as root
+### Dependencies

+* Added a new weak dependency on 'p11-kit server'
+* Bumped the minimum github.com/NVIDIA/go-nvlib version to 0.7.1
+* Bumped the minimum github.com/spf13/viper version to 1.20.1 to reduce the
+  number of indirect dependencies
+* Bumped the minimum github.com/stretchr/testify version to 1.10.0

-Overview of changes in 0.0.97
-=============================
+### Tests

-* Allow X11 clients to run as root
-* Color the output only when displaying on a terminal
-* Don't rely on user D-Bus to track time zone configuration
-* Enable running minikube on Silverblue
-* Expose the host's /boot inside the container at /run/host
-* Fix missing terminfo warning for Ubuntu containers
-* Make locate(1) work inside toolbox containers
-* Make pseudo-terminal devices be owned by the 'tty' group
-* Rework test to check if a toolbox container started successfully
-* Run a login shell when falling back to Bash during 'enter'
+* Added runtime environment tests for the Kerberos and RPM configuration
+* Added unit tests for utils.PathExists()
+* Enabled the commands and options tests for 'list' on Arch and Ubuntu 22.04
+* Enabled the system tests for 'create' and networking on Arch Linux
+* Isolated the storage directory from the host's XDG_CACHE_HOME or HOME —
+  bumped the minimum Linux kernel version to 6.6
+* Made the the commands and options tests for 'create' stricter
+* Optimized the runtime environment tests by avoiding a lot of disk I/O
+* Restored the generation and installation of the Bash completions on the CI
+  (regression from Fedora 41)


-Overview of changes in 0.0.96
-=============================
+0.1.1
+=====

-* Don't break GNU Readline's ctrl-p shortcut
-* Enable system tests on Fedora 33
-* Fix containers with missing /media possibly due to a failed RPM transaction
-* Give access to the udev database
-* Unbreak X11 applications with GNOME 3.38
-* Update default release to 31 for non-Fedora hosts
+### Security fixes

+* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
+  1.16.2 for CVE-2024-0132 or GHSA-mjjw-553x-87pq, and CVE-2024-0133 or
+  GHSA-f748-7hpg-88ch

-Overview of changes in 0.0.95
-=============================
+### Bug fixes

-* Try to handle configuration files that're absolute symlinks when the entry
-  point sets up the container
-* Unbreak 'enter' on Fedora CoreOS
-* Unbreak 'sudo' inside toolbox containers with Podman 2.0.5
-* Warn if $TERM has no terminfo entry in the container
-
-
-Overview of changes in 0.0.94
-=============================
-
-* Add contribution guidelines
-* Add fedora-toolbox image definition for Fedora 34
-* Add more information to errors from creating symbolic links when setting up
-  the toolbox container in the entry point
-* Ensure binaries built on Fedora 33 run on Fedoras 32 & 31
-* Install the tests
-* Make it more obvious when falling back to /bin/bash
-* Document that sudo(8) should work without a password
-* Mount a tmpfs at /tmp to match the host
-* Update issue templates
-
-
-Overview of changes in 0.0.93
-=============================
-
-* Ensure reproducible builds by using the -trimpath build flag
-* Fix the test suite to work with the Go implementation
-* Make listing of containers and images more robust against changes in the JSON
-  returned by Podman
-* List out dependencies and installation instructions
-* Re-enable highlighting of running containers
-* Show the spinner only when connected to a terminal
-* Speed things up by caching the Podman version at runtime
-* Update hint after creating a container to use the new syntax
-* Use the correct verb format for string
-
-
-Overview of changes in 0.0.92
-=============================
-
-* Embed the version from Meson into the binary
-* Make it build on aarch64
-
-
-Overview of changes in 0.0.91
-=============================
-
-* Add gvfs-client to the fedora-toolbox images
-* Adjust for changes in JSON output from 'podman ps' and 'podman images' in
-  Podman 2.0
-* Lower the Go build requirements to make it easier to build on Fedora
-* Show an error if $PWD is missing inside the container
-
-
-Overview of changes in 0.0.90
-=============================
-
-* Rewrite Toolbox in Go
-* Remove support for toolbox containers created by Toolbox 0.0.9 and older
-* Add option --version to show current Toolbox version
-* Add options --log-level and --log-podman as possible future replacements for
-  --verbose and --very-verbose
-* Clean up the spinner when aborted by SIGINT (or ctrl+c) and such
-* Fix duplication in the output of the list command
-* Mark the reset command as deprecated (replaced by 'podman system reset')
-* Support specifying the name of a toolbox container as an argument to the
-  create and enter commands, in addition to the --container option
-
-
-Overview of changes in 0.0.18
-=============================
-
-* Check /usr/share/profile.d when bind mounting toolbox.sh
-* Mount /media only if it is available
-* Set up /media and /mnt to match the host
-* Unbreak 'enter' when SELinux is disabled
-
-
-Overview of changes in 0.0.17
-=============================
-
-* Add a --very-verbose or -vv option
-* Deprecate all toolbox containers that don't use a reflexive entry point
-* Ensure that 'run' has at least one argument for the command
-* Give access to the host's systemd journal
-* Wipe out the container's /sys/fs/selinux to not advertise SELinux
-
-
-Overview of changes in 0.0.16
-=============================
-
-* Add a reset command
-* Document requirements for distro support
-* Don't use a toolbox container until after it has been configured
-* Drop the coloured heading from 'list'
-* Miscellaneous fixes to Bash completion
-* Remove the hidden --sudo option and the /etc/sudoers.d snippet
-* Try to migrate to a supported OCI runtime if 'podman start' suggests so
-* Unbreak 'run' if container lacks files that are redirected to the host
-
-
-Overview of changes in 0.0.15
-=============================
-
-* Be forgiving of a missing /etc/profile.d/toolbox.sh in 'run'
-* Don't sanity check /etc/subgid and /etc/subuid when running as root
-* Install only flatpak-spawn, not the rest of flatpak-xdg-utils, in the images
-* Let the terminal know the active container only on some Fedora variants
-* Rely on 'podman system migrate' always being present
-* Simplify code by dropping compatibility with 'podman create' < 1.4.0
-* Switch to using /usr/lib/os-release instead of /etc/os-release
-* Unbreak 'create' on Silverblue
-* Update default release to 30 when running on non-fedora hosts
-
-
-Overview of changes in 0.0.14
-=============================
-
-* Adjust the grep match pattern to be more specific
-* Don't exit with a non-zero code from 'toolbox list -i'
-* Expose a few more host locations inside the container under /run/host
-* Give access to the system Flatpak directory
-* Give access to the system libvirt instance
-* Mount /run/media only if it is available
-* Preserve the host's ulimits when creating toolbox containers
-* Work around 'podman exec' resetting the terminal size to 80x24
-
-
-Overview of changes in 0.0.13
-=============================
-
-* Drop PackageKit-command-not-found from the images
-* Improve the help or usage output
-* Simplify code by taking advantage of 'podman create --userns=keep-id'
-* Simplify code by taking advantage of 'podman exec --workdir ...'
-* Tighten the Silverblue check for the welcome message
-
-
-Overview of changes in 0.0.12
-=============================
-
-* Create /run/.toolboxenv inside the toolbox container's entry point too
-* Don't use 'podman cp' to copy toolbox.sh to old containers
-* Drop the "immutable" term
-* Unbreak /etc/localtime & /etc/timezone if /run/host/monitor is absent
-
-
-Overview of changes in 0.0.11
-=============================
-
-* Allow Qt applications to work without QT_X11_NO_MITSHM
-* Check if /etc/subgid and /etc/subuid have entries for the user
-* Give access to the entire /dev from the host operating system
-* Keep /etc/host.conf, /etc/localtime and /etc/timezone synchronized with the
-  host
-* Notify the terminal about the current toolbox container in use
-* Prevent Podman from complaining about 'podman cp --pause=true ...'
-* Unbreak rendering & wrapping of commands typed at an interactive prompt
-* Unbreak setting up /home as a symbolic link
-
-
-Overview of changes in 0.0.10
-=============================
-
-* Add a run command
-* Create /run/.toolboxenv in 'toolbox enter' for identification
-* Drop the Buildah dependency and the user-specific customized image
-* Keep /etc/hosts and /etc/resolv.conf synchronized with the host
-* Migrate existing containers when Podman is updated
-* Retain the PS1 across su(1) and sudo(8)
-* Set the Kerberos credential cache type only if Kerberos is available
-* Support column(1) from bsdmainutils
-* Support 'sudo' as default sudo(8) group
-* Use a magenta hexagon instead of 🔹 in the PS1
-
-
-Overview of changes in 0.0.9
-============================
-
-* Add Bash completion
-* Allow connecting to Wayland displays other than "wayland-0"
-* Ask for confirmation before downloading the base image
-* Improve the onboarding experience
-* Make it available inside the toolbox container
-* Make 'toolbox enter' create or fall back to a container when possible
-* Set TOOLBOX_CONTAINER in the environment to identify as a toolbox
-* Set default release to 29 when running on non-fedora hosts
-* Show welcome texts on interactive shells
-
-
-Overview of changes in 0.0.8
-============================
-
-* Add label for tagging, not tied to the fedora-toolbox name
-* Add short variants for various options in 'create' and 'enter'
-* Ensure that names of toolbox containers don't have a colon
-* Enable Travis
-* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
-* Give access to Kerberos if KCM credential caches are being used
-* Improve the onboarding experience
-* Reduce the sizes of the images by removing temporary files created by DNF
-* Use a lighter entry point than /bin/sh
-
-
-Overview of changes in 0.0.7
-============================
-
-* Add fedora-toolbox image definition for Fedora 31
-* Add flatpak-xdg-utils to Fedoras 29 and 30
-* Add manuals
-* Add rm and rmi commands
-* Be more informative when creating the working container
-* Clarify the error message if the toolbox container is not found
-* Don't create volumes in the image for bind mounts from the host
-* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
-* Give access to /dev/bus for control transfers from USB devices
-* Give access to removable devices and other temporary mounts
-* Lots of Bash-isms removed for POSIX correctness
-* Make the --image flag override the base toolbox image, as documented
-* Make the spinner more efficient
-* Restore documentation removed from the base Fedora images
-
-
-Overview of changes in 0.0.6
-============================
-
-* Add a list command
-* Drop the "fedora" prefix and rename the project as just "toolbox"
-* Fix typos pointed out by https://www.shellcheck.net/
-* Lots of Bash-isms removed for POSIX correctness
-* Make --container and --image command-specific options
-* Make it work inside the toolbox container itself
-* Shorten the prefix for debug and error messages
-* Use the host's PID namespace for the toolbox container
-* Use the standard error output for error messages
-
-
-Overview of changes in 0.0.5
-============================
-
-* Give access to mounts under $HOME, and make autofs work
-* Show a spinner when creating the toolbox
-
-
-Overview of changes in 0.0.4
-============================
-
-* Avoid spooky root-like behaviour for non-root interactive shells
-* Give access to the FUSE kernel module
-* Improve the readability of the debug output
-* Set up $HOME and /home to match the host
-* Try to enter the same directory inside the toolbox
-
-
-Overview of changes in 0.0.3
-============================
-
-* Clean up the Buildah working containers on error
-* Unbreak creating the toolbox if the toolbox image already exists
-
-
-Overview of changes in 0.0.2
-============================
-
-* Allow an 'F' or 'f' prefix when specifying the release
-* Avoid a Bash-ism (ie. ==) and stick to POSIX (ie. =)
-* Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
-* Give access to the system D-Bus instance
-* Make shm_open work
-
-
-Overview of changes in 0.0.1
-============================
-
-* First preview release
+* Unbroke 'enter' if the NVIDIA Persistence Daemon is used (regression in
+  0.0.99.6)
+* Unbroke 'enter' if the proprietary NVIDIA driver is installed, but not used
+  (regression in 0.0.99.6)


 ----

-Copyright © 2018 – 2020 Red Hat, Inc.
+Copyright © 2024 Red Hat, Inc.
 All rights reserved.

 Copying and distribution of this file, with or without modification,
--- a/NEWS.old
+++ b/NEWS.old
@ -0,0 +1,594 @@
+Overview of changes in 0.1.0
+============================
+
+* Add ubuntu-toolbox image definitions for Ubuntu 24.10
+* Optimize the CI on stable Fedora nodes
+* Stop updating the ubuntu-toolbox images for Ubuntu 16.04 and 18.04
+* Stop using slirp4netns(1) in the system tests
+* Unbreak the downstream Fedora CI
+* Unbreak the ubuntu-toolbox image build for Ubuntu 24.04
+* Update fallback release to 40 for non-fedora hosts
+
+
+Overview of changes in 0.0.99.6
+===============================
+
+* Add all the iconv converter modules for glibc to the fedora-toolbox images
+* Add an extra space after the ⬢ in the PS1
+* Add cracklib-dicts to the fedora-toolbox images
+* Add logos to the Arch Linux and Fedora badges, and a badge for the Ubuntu
+  package
+* Add manual pages and pacman progress bars to the arch-toolbox image
+* Add toolbox image definitions for RHELs 8.8, 8.9, 9.2 and 9.3
+* Add translations for gawk to the fedora-toolbox images
+* Add ubuntu-toolbox image definitions for Ubuntu 24.04
+* Avoid running out of storage space when running the system tests on the CI
+* Bump the minimum github.com/briandowns/spinner version to 1.18.0
+* Depend on github.com/go-logfmt/logfmt version 0.5.0
+* Depend on github.com/NVIDIA/go-nvlib version 0.6.1
+* Depend on github.com/NVIDIA/nvidia-container-toolkit version 1.16.1
+* Don't unmarshal the 'podman ps' JSON twice
+* Don't use use auto dependencies for shell completion scripts
+* Drop one "o" and rename the project as "Toolbx"
+* Enable more tests on Ubuntu 22.04 by setting the SHELL environment variable
+* Enable the proprietary NVIDIA driver
+* Exclude the meson.build files when installing the system tests
+* Fix pacman cache removal in the arch-toolbox image
+* Let 'create' use an image without a name
+* Let the terminal know the active container on all host operating systems,
+  and not just Fedora Silverblue and Workstation
+* Limit the scope of temporary files used by the system tests
+* Optimize 'enter' and 'run' for both an already running container and a
+  container getting initialized
+* Optimize the CI on Fedora nodes
+* Optimize the resource limits tests
+* Preserve the Konsole and xterm versions
+* Require --assumeyes to pull an image when not connected to a terminal
+* Retain errors from toolbox(1) without --verbose when forwarding to host
+* Retain exit codes from toolbox(1) when forwarding to host
+* Show the entry point's debug logs & errors in 'enter' and 'run'
+* Support 64-bit LoongArch
+* Synchronize the documentation with the website
+* Unbreak Podman's downstream Fedora CI
+* Use Buildah and Podman to build and test the arch-toolbox and ubuntu-toolbox
+  images
+* Use the same linker flags as NVIDIA Container Toolkit, and '-z now' is
+  unsupported
+* Work around bug in pasta(1) networks in the system tests
+
+
+Overview of changes in 0.0.99.5
+===============================
+
+* Add psmisc to the fedora-toolbox images
+* Add several new system and unit tests, and make the existing ones stricter
+* Add workaround to support configuring the user's password on some Active
+  Directory set-ups
+* Be aware of security hardened mount points marked with 'nosuid,nodev,noexec'
+* Bump the minimum Bats version to 1.7.0 to simplify running a subset of the
+  system tests and fix various warnings
+* Bump the minimum Go requirement to 1.20
+* Bump the minimum github.com/docker/go-units version to 0.5.0
+* Bump the minimum golang.org/x/sys version to 0.1.0 for CVE-2022-29526 or
+  GHSA-p782-xgp4-8hr8
+* Bump the minimum golang.org/x/text version to 0.3.8 for CVE-2022-32149 or
+  GHSA-69ch-w2m2-3vjp
+* Bump the minimum gopkg.in/yaml.v3 version to 3.0.0 for CVE-2022-28948 or
+  GHSA-hp87-p4gw-j4gq
+* Deprecate the --monitor-host option of 'init-container'
+* Don't leak the NAME and VERSION environment variables into containers made
+  from the fedora-toolbox images
+* Drop golang.org/x/term as a dependency
+* Ensure that Toolbx containers start even if there aren't sufficient resources
+  for inotify(7)
+* Ensure that the fedora-toolbox images retain documentation and translations
+* Ensure that toolbox(1) can be built without using podman(1) and validating
+  subordinate IDs
+* Fix DNS queries in Toolbx containers made from images with systemd-resolved,
+  when running on hosts that don't use it
+* Handle space-separated input when asking for confirmation
+* Let the terminal know the active container also on Fedora Linux Asahi Remix
+* Offer built-in support for Arch Linux
+* Offer built-in support for Ubuntu
+* Preserve the host's environment variables for Bash's history facility inside
+  Toolbx containers
+* Rely on podman >= 1.6.4 always being present
+* Report the size of the image that will be downloaded from a registry
+* Show welcome message on Fedora Sericea
+* Support 64-bit RISC-V
+* Update fallback release to 38 for non-fedora hosts
+* Unbreak the line count checks with Bats >= 1.10.0
+* Unbreak the manual page checks with GNU roff >= 1.23
+* Various updates to the documentation and manuals
+
+
+Overview of changes in 0.0.99.4
+===============================
+
+* Add an --authfile option to 'create'
+* Add a --preserve-fds option to 'run'
+* Add a test that runs codespell
+* Add fedora-toolbox image definition for Fedoras 37, 38 and 39
+* Add several new system tests and make the existing ones stricter
+* Avoid unexpected DNF behaviour with reinstalling or swapping RPMs when
+  building the fedora-toolbox images
+* Be more strict when looking for a C compiler for building
+* Call 'systemd-tmpfiles --create' when installing
+* Check if subordinate ID ranges are present for also the UID, and not just
+  the username
+* Document the toolbox.conf configuration file
+* Don't create a nested pseudo-terminal device during 'run' if the standard
+  input and output streams are not connected to a terminal
+* Don't leak ID and VARIANT_ID into the shell
+* Don't unmarshal the 'podman images' JSON twice
+* Enable OpenGL and Vulkan for hardware with free drivers on the
+  fedora-toolbox images
+* Enable running non-nested display servers from a virtual terminal
+* Enforce all the default 'go vet' checks on all Go sources
+* Enforce gofmt on all Go sources
+* Ensure that the 'distro' option is valid, instead of silently falling back
+  to Fedora
+* Ensure that 'run' has the same container environment as 'enter'
+* Ensure that the fedora-toolbox images has all the locales known to glibc,
+  and not just C, POSIX and C.UTF-8
+* Exit 'run' with exit code of invoked command
+* Fix the titles of the manuals
+* Give precedence to /etc/os-release over /usr/lib/os-release in
+  /etc/profile.d/toolbox.sh
+* Hide the Fedora-specific welcome banner on non-Fedora containers
+* Improve the error messages if the 'distro' and 'release' options are invalid
+* Improve the error messages for mutually exclusive options
+* Improve the default image used for RHEL Toolbx containers to offer an
+  interactive command line experience similar to that on RHEL Workstation
+* Make /etc/profile.d/toolbox.sh compatible with Z shell again
+* Make sd_booted(3) work inside Toolbx containers
+* Preserve the host's XDG_SESSION_CLASS environment variable inside Toolbx
+  containers
+* Replace github.com/mattn/go-isatty and the deprecated
+  golang.org/x/crypto/ssh/terminal API with golang.org/x/term
+* Replace jwhois with whois in the fedora-toolbox images for Fedora >= 37
+* Replace the hand-written shell completion for Bash with ones generated by
+  Cobra that cover fish and Z shell too
+* Restore more documentation removed from the base Fedora images
+* Run unit tests with -Dmigration_path_for_coreos_toolbox on CentOS Stream 9 as
+  part of the CI
+* Silence warning when running the system tests with Bats >= 1.7.0
+* Support RHEL 9 Toolbx containers
+* Support subordinate user and group ID ranges on enterprise set-ups
+* Unbreak sorting and clearly identify copied images in 'list'
+* Update fallback release to 37 for non-fedora hosts
+* Update the Go dependencies with 'go get -u'
+* Various updates to the documentation and manuals
+* Work around Cobra 1.1.2's handling of usage functions
+
+
+Overview of changes in 0.0.99.3
+===============================
+
+* Add bc and iproute to the fedora-toolbox images
+* Add fedora-toolbox image definition for Fedoras 35 and 36
+* Add support for configuration files
+* Add optional migration paths for coreos/toolbox users
+* Allow overriding the path to tmpfilesdir
+* Avoid RPM failures due to unexpected file owners
+* Bump minimum Meson version to 0.58.0
+* Ensure that binaries are run against their build-time ABI
+* Expose the host's entire / in the container at /run/host
+* Fix the PS1 on Z shell
+* Fix wrong use of regexp.MatchString
+* Give access to PC/SC smart card daemon
+* Make locate(1) opt-in by default
+* Make the test suite non-destructive
+* Mention that private images require 'podman login'
+* Remove misleading and redundant CMD from the fedora-toolbox images
+* Remove the deprecated com.github.debarshiray.toolbox label from the
+  fedora-toolbox images, and when creating a new container
+* Replace outdated logos with pixels
+* Show basic help when man(1) is not available
+* Show welcome message on Fedora Kinoite
+* Test ImageReferenceCanBeID and ParseRelease
+* Unbreak 'enter' if the shell had exited with 127
+* Various additions and improvements to the test suite
+* Various updates to the documentation and manuals
+
+
+Overview of changes in 0.0.99.2
+===============================
+
+* Add nano-default-editor to the fedora-toolbox images
+* Add unit tests for pkg/shell
+* Connect Go unit tests to Meson & rename CI job
+* Decouple image caching from Zuul for the system tests
+* Don't assume that the user's GID is the same as the UID
+* Don't require /etc/machine-id in toolbox images
+* Drop ShellCheck on Shell Toolbox
+* Give access to systemd-resolved's Varlink socket
+* Optimize 'enter' and 'run' in the non-fallback case
+* Optimize the performance of 'list'
+* Properly separate builddir setup & build in the Ansible playbooks
+* Rename Dockerfile to Containerfile for the fedora-toolbox images
+* Show test execution time for the system tests
+* Support listing images without names
+* Unbreak 'create' on an unlocked OSTree deployment
+* Unbreak 'create' on CoreOS with read-only /boot
+* Update default release to 33 for non-Fedora hosts
+* Update the GitHub issue templates
+* Use a regular file, not a symbolic link, for the README.md in the
+  fedora-toolbox images
+* Fall back to $HOME when using a container if the current working directory
+  isn't present in it
+* Various updates to the Bash completion
+* Various updates to the manuals
+
+
+Overview of changes in 0.0.99.1
+===============================
+
+* Add deprecation notices to the POSIX shell implementation
+* Add test for the new --distro option
+* Drop the FGC namespace from the fedora-toolbox images
+* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
+* Handle hosts with /etc/localtime as absolute symlink
+* Improve README.md
+* Improve the Zuul configuration
+* Mount /mnt only if it is available
+* Refactor the system tests, and use bats-assert and bats-support
+* Test that sudo doesn't require a password
+* Update the manuals
+
+
+Overview of changes in 0.0.99
+=============================
+
+* Add a --distro option to 'create', 'enter' and 'run'
+* Prevent setting VTE-specific PROMPT_COMMAND without VTE
+* Remove the --candidate-registry option from Bash completion and the manual
+  for 'create'
+* Remove the deprecated reset command
+* Support RHEL hosts by creating containers based on UBI
+* Try to avoid 'latest' tags, when looking at RepoTags
+* Update the labels used for filtering toolbox containers images
+* Update the range of supported Fedora releases
+
+
+Overview of changes in 0.0.98.1
+===============================
+
+* Pass the USER environment variable to the container
+* Make /etc/profile.d/toolbox.sh compatible with Z shell again
+* Update the manual to mention that the --image and --release options of
+  'create' can't be used together
+
+
+Overview of changes in 0.0.98
+=============================
+
+* Add nss-mdns to the fedora-toolbox images
+* Correctly check validity of container name
+* Don't leak all the os-release fields into the shell
+* Don't rely on XDG_RUNTIME_DIR when running as root
+* Give access to Avahi to resolve the .local mDNS domain
+* Make coredumpctl(1) 'dump' and 'debug' work inside toolbox containers
+* Make options --image and --release for 'create' mutually exclusive
+* Notify the terminal about the real UID of 'toolbox enter'
+* Remove periods at the end of flag descriptions
+* Set XDG_RUNTIME_DIR when creating the toolbox container
+* Unbreak 'enter' on hosts without a /etc/localtime
+* Unbreak the system tests on Fedora 33
+* Use the host's user namespace when running as root
+
+
+Overview of changes in 0.0.97
+=============================
+
+* Allow X11 clients to run as root
+* Color the output only when displaying on a terminal
+* Don't rely on user D-Bus to track time zone configuration
+* Enable running minikube on Silverblue
+* Expose the host's /boot inside the container at /run/host
+* Fix missing terminfo warning for Ubuntu containers
+* Make locate(1) work inside toolbox containers
+* Make pseudo-terminal devices be owned by the 'tty' group
+* Rework test to check if a toolbox container started successfully
+* Run a login shell when falling back to Bash during 'enter'
+
+
+Overview of changes in 0.0.96
+=============================
+
+* Don't break GNU Readline's ctrl-p shortcut
+* Enable system tests on Fedora 33
+* Fix containers with missing /media possibly due to a failed RPM transaction
+* Give access to the udev database
+* Unbreak X11 applications with GNOME 3.38
+* Update default release to 31 for non-Fedora hosts
+
+
+Overview of changes in 0.0.95
+=============================
+
+* Try to handle configuration files that're absolute symlinks when the entry
+  point sets up the container
+* Unbreak 'enter' on Fedora CoreOS
+* Unbreak 'sudo' inside toolbox containers with Podman 2.0.5
+* Warn if $TERM has no terminfo entry in the container
+
+
+Overview of changes in 0.0.94
+=============================
+
+* Add contribution guidelines
+* Add fedora-toolbox image definition for Fedora 34
+* Add more information to errors from creating symbolic links when setting up
+  the toolbox container in the entry point
+* Ensure binaries built on Fedora 33 run on Fedoras 32 & 31
+* Install the tests
+* Make it more obvious when falling back to /bin/bash
+* Document that sudo(8) should work without a password
+* Mount a tmpfs at /tmp to match the host
+* Update issue templates
+
+
+Overview of changes in 0.0.93
+=============================
+
+* Ensure reproducible builds by using the -trimpath build flag
+* Fix the test suite to work with the Go implementation
+* Make listing of containers and images more robust against changes in the JSON
+  returned by Podman
+* List out dependencies and installation instructions
+* Re-enable highlighting of running containers
+* Show the spinner only when connected to a terminal
+* Speed things up by caching the Podman version at runtime
+* Update hint after creating a container to use the new syntax
+* Use the correct verb format for string
+
+
+Overview of changes in 0.0.92
+=============================
+
+* Embed the version from Meson into the binary
+* Make it build on aarch64
+
+
+Overview of changes in 0.0.91
+=============================
+
+* Add gvfs-client to the fedora-toolbox images
+* Adjust for changes in JSON output from 'podman ps' and 'podman images' in
+  Podman 2.0
+* Lower the Go build requirements to make it easier to build on Fedora
+* Show an error if $PWD is missing inside the container
+
+
+Overview of changes in 0.0.90
+=============================
+
+* Rewrite Toolbox in Go
+* Remove support for toolbox containers created by Toolbox 0.0.9 and older
+* Add option --version to show current Toolbox version
+* Add options --log-level and --log-podman as possible future replacements for
+  --verbose and --very-verbose
+* Clean up the spinner when aborted by SIGINT (or ctrl+c) and such
+* Fix duplication in the output of the list command
+* Mark the reset command as deprecated (replaced by 'podman system reset')
+* Support specifying the name of a toolbox container as an argument to the
+  create and enter commands, in addition to the --container option
+
+
+Overview of changes in 0.0.18
+=============================
+
+* Check /usr/share/profile.d when bind mounting toolbox.sh
+* Mount /media only if it is available
+* Set up /media and /mnt to match the host
+* Unbreak 'enter' when SELinux is disabled
+
+
+Overview of changes in 0.0.17
+=============================
+
+* Add a --very-verbose or -vv option
+* Deprecate all toolbox containers that don't use a reflexive entry point
+* Ensure that 'run' has at least one argument for the command
+* Give access to the host's systemd journal
+* Wipe out the container's /sys/fs/selinux to not advertise SELinux
+
+
+Overview of changes in 0.0.16
+=============================
+
+* Add a reset command
+* Document requirements for distro support
+* Don't use a toolbox container until after it has been configured
+* Drop the coloured heading from 'list'
+* Miscellaneous fixes to Bash completion
+* Remove the hidden --sudo option and the /etc/sudoers.d snippet
+* Try to migrate to a supported OCI runtime if 'podman start' suggests so
+* Unbreak 'run' if container lacks files that are redirected to the host
+
+
+Overview of changes in 0.0.15
+=============================
+
+* Be forgiving of a missing /etc/profile.d/toolbox.sh in 'run'
+* Don't sanity check /etc/subgid and /etc/subuid when running as root
+* Install only flatpak-spawn, not the rest of flatpak-xdg-utils, in the images
+* Let the terminal know the active container only on some Fedora variants
+* Rely on 'podman system migrate' always being present
+* Simplify code by dropping compatibility with 'podman create' < 1.4.0
+* Switch to using /usr/lib/os-release instead of /etc/os-release
+* Unbreak 'create' on Silverblue
+* Update default release to 30 when running on non-fedora hosts
+
+
+Overview of changes in 0.0.14
+=============================
+
+* Adjust the grep match pattern to be more specific
+* Don't exit with a non-zero code from 'toolbox list -i'
+* Expose a few more host locations inside the container under /run/host
+* Give access to the system Flatpak directory
+* Give access to the system libvirt instance
+* Mount /run/media only if it is available
+* Preserve the host's ulimits when creating toolbox containers
+* Work around 'podman exec' resetting the terminal size to 80x24
+
+
+Overview of changes in 0.0.13
+=============================
+
+* Drop PackageKit-command-not-found from the images
+* Improve the help or usage output
+* Simplify code by taking advantage of 'podman create --userns=keep-id'
+* Simplify code by taking advantage of 'podman exec --workdir ...'
+* Tighten the Silverblue check for the welcome message
+
+
+Overview of changes in 0.0.12
+=============================
+
+* Create /run/.toolboxenv inside the toolbox container's entry point too
+* Don't use 'podman cp' to copy toolbox.sh to old containers
+* Drop the "immutable" term
+* Unbreak /etc/localtime & /etc/timezone if /run/host/monitor is absent
+
+
+Overview of changes in 0.0.11
+=============================
+
+* Allow Qt applications to work without QT_X11_NO_MITSHM
+* Check if /etc/subgid and /etc/subuid have entries for the user
+* Give access to the entire /dev from the host operating system
+* Keep /etc/host.conf, /etc/localtime and /etc/timezone synchronized with the
+  host
+* Notify the terminal about the current toolbox container in use
+* Prevent Podman from complaining about 'podman cp --pause=true ...'
+* Unbreak rendering & wrapping of commands typed at an interactive prompt
+* Unbreak setting up /home as a symbolic link
+
+
+Overview of changes in 0.0.10
+=============================
+
+* Add a run command
+* Create /run/.toolboxenv in 'toolbox enter' for identification
+* Drop the Buildah dependency and the user-specific customized image
+* Keep /etc/hosts and /etc/resolv.conf synchronized with the host
+* Migrate existing containers when Podman is updated
+* Retain the PS1 across su(1) and sudo(8)
+* Set the Kerberos credential cache type only if Kerberos is available
+* Support column(1) from bsdmainutils
+* Support 'sudo' as default sudo(8) group
+* Use a magenta hexagon instead of 🔹 in the PS1
+
+
+Overview of changes in 0.0.9
+============================
+
+* Add Bash completion
+* Allow connecting to Wayland displays other than "wayland-0"
+* Ask for confirmation before downloading the base image
+* Improve the onboarding experience
+* Make it available inside the toolbox container
+* Make 'toolbox enter' create or fall back to a container when possible
+* Set TOOLBOX_CONTAINER in the environment to identify as a toolbox
+* Set default release to 29 when running on non-fedora hosts
+* Show welcome texts on interactive shells
+
+
+Overview of changes in 0.0.8
+============================
+
+* Add label for tagging, not tied to the fedora-toolbox name
+* Add short variants for various options in 'create' and 'enter'
+* Ensure that names of toolbox containers don't have a colon
+* Enable Travis
+* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
+* Give access to Kerberos if KCM credential caches are being used
+* Improve the onboarding experience
+* Reduce the sizes of the images by removing temporary files created by DNF
+* Use a lighter entry point than /bin/sh
+
+
+Overview of changes in 0.0.7
+============================
+
+* Add fedora-toolbox image definition for Fedora 31
+* Add flatpak-xdg-utils to Fedoras 29 and 30
+* Add manuals
+* Add rm and rmi commands
+* Be more informative when creating the working container
+* Clarify the error message if the toolbox container is not found
+* Don't create volumes in the image for bind mounts from the host
+* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
+* Give access to /dev/bus for control transfers from USB devices
+* Give access to removable devices and other temporary mounts
+* Lots of Bash-isms removed for POSIX correctness
+* Make the --image flag override the base toolbox image, as documented
+* Make the spinner more efficient
+* Restore documentation removed from the base Fedora images
+
+
+Overview of changes in 0.0.6
+============================
+
+* Add a list command
+* Drop the "fedora" prefix and rename the project as just "toolbox"
+* Fix typos pointed out by https://www.shellcheck.net/
+* Lots of Bash-isms removed for POSIX correctness
+* Make --container and --image command-specific options
+* Make it work inside the toolbox container itself
+* Shorten the prefix for debug and error messages
+* Use the host's PID namespace for the toolbox container
+* Use the standard error output for error messages
+
+
+Overview of changes in 0.0.5
+============================
+
+* Give access to mounts under $HOME, and make autofs work
+* Show a spinner when creating the toolbox
+
+
+Overview of changes in 0.0.4
+============================
+
+* Avoid spooky root-like behaviour for non-root interactive shells
+* Give access to the FUSE kernel module
+* Improve the readability of the debug output
+* Set up $HOME and /home to match the host
+* Try to enter the same directory inside the toolbox
+
+
+Overview of changes in 0.0.3
+============================
+
+* Clean up the Buildah working containers on error
+* Unbreak creating the toolbox if the toolbox image already exists
+
+
+Overview of changes in 0.0.2
+============================
+
+* Allow an 'F' or 'f' prefix when specifying the release
+* Avoid a Bash-ism (ie. ==) and stick to POSIX (ie. =)
+* Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
+* Give access to the system D-Bus instance
+* Make shm_open work
+
+
+Overview of changes in 0.0.1
+============================
+
+* First preview release
+
+
+----
+
+Copyright © 2018 – 2024 Red Hat, Inc.
+All rights reserved.
+
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
--- a/README.md
+++ b/README.md
@ -1,210 +1,61 @@
-<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
+![README](data/gfx/README.gif)

-[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
-[![Daily Pipeline](https://img.shields.io/badge/zuul-periodic-informational)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
+[Toolbx](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for software development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).

-[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
-[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
-
-[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
-systems, which allows the use of containerized command line environments. It is
-built on top of [Podman](https://podman.io/) and other standard container
-technologies from [OCI](https://opencontainers.org/).
-
-The toolbox container is a fully *mutable* container; when you see
-`yum install ansible` for example, that's something you can do inside your
-toolbox container, without affecting the base operating system.
+Toolbx environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..

 This is particularly useful on
-[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
-[Fedora CoreOS](https://coreos.fedoraproject.org/) and
-[Silverblue](https://silverblue.fedoraproject.org/).  The intention of these
+[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
+[Fedora CoreOS](https://fedoraproject.org/coreos/) and
+[Silverblue](https://fedoraproject.org/silverblue/). The intention of these
 systems is to discourage installation of software on the host, and instead
-install software as (or in) containers.
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.

-However, this tool doesn't *require* using an OSTree based system — it
-works equally well if you're running e.g. existing Fedora Workstation or
-Server, and that's a useful way to incrementally adopt containerization.
+Toolbx solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.

-The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The Toolbx environment is based on an [OCI](https://www.opencontainers.org/)
 image. On Fedora this is the `fedora-toolbox` image. This image is used to
-create a toolbox container that seamlessly integrates with the rest of the
-operating system.
+create a Toolbx container that offers the interactive command line
+environment.

-## Usage
+Note that Toolbx makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.

-### Create your toolbox container:
-```console
-[user@hostname ~]$ toolbox create
-Created container: fedora-toolbox-33
-Enter with: toolbox enter
-[user@hostname ~]$
-```
-This will create a container called `fedora-toolbox-<version-id>`.

-### Enter the toolbox:
-```console
-[user@hostname ~]$ toolbox enter
-⬢[user@toolbox ~]$
-```
+## Installation & Use

-### Remove a toolbox container:
-```console
-[user@hostname ~]$ toolbox rm fedora-toolbox-33
-[user@hostname ~]$
-```
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbx and [Linux distro support](https://containertoolbx.org/distros/).

-## Dependencies and Installation

-Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
-system.
+##

-The following dependencies are required to build it:
- meson
- go-md2man
- systemd
+[![Star History Chart](https://api.star-history.com/svg?repos=containers/toolbox&type=Date)](https://star-history.com/#containers/toolbox&Date)

-The following dependencies enable various optional features:
- bash-completion

-It can be built and installed as any other typical Meson-based project:
-```console
-[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
-[user@hostname toolbox]$ ninja -C builddir
-[user@hostname toolbox]$ sudo ninja -C builddir install
-```
+##

-Toolbox is written in Go. Consult the
-[src/go.mod](https://github.com/containers/toolbox/blob/master/src/go.mod) file
-for a full list of all the Go dependencies.
+[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
+[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)

-By default, Toolbox uses Go modules and all the required Go packages are
-automatically downloaded as part of the build. There's no need to worry about
-the Go dependencies, unless the build environment doesn't have network access
-or any such peculiarities.
-
-## Goals and Use Cases
-
-### High Level Goals
-
- Provide a CLI convenience interface to run containers (via `podman`) easily
- Support for Developer and Debugging/Management use cases
- Support for multiple distros
-    - toolbox package in multiple distros
-    - toolbox containers for multiple distros
-
-### Non-Goals - Anti Use Cases
-
- Supporting multiple container runtimes. `toolbox` will use `podman` exclusively
- Adding significant features on top of `podman`
-	- Significant feature requests should be driven into `podman` upstream
- To run containers that aren't tightly integrated with the host
-	- i.e. extremely sandboxed containers become specific to the user quickly
-
-### Developer Use Cases
-
- I’m a developer hacking on source code and building/testing code
-    - Most cases: user doesn't need root, rootless containers work fine
-    - Some cases: user needs root for testing
- Desktop Development: 
-    - developers need things like dbus, display, etc, to be forwarded into the toolbox
- Headless Development:
-    - toolbox works properly in headless environments (no display, etc)
- Need development tools like gdb, strace, etc to work
-
-### Debugging/System management Use Cases
-
- Inspecting Host Processes/Kernel
-    - Typically need root access
-    - Need bpftrace, strace on host processes to work
-		- Ideally even do things like helping get kernel-debuginfo data for the host kernel
- Managing system services
-    - systemctl restart foo.service
-    - journalctl
- Managing updates to the host
-    - rpm-ostree
-    - dnf/yum (classic systems)
-
-### Specific environments
-
- Fedora Silverblue
-	- Silverblue comes with a subset of packages and discourages host software changes
-		- Users need a toolbox container as a working environment
-		- Future: use toolbox container by default when a user opens a shell
- Fedora CoreOS
-	- Similar to silverblue, but non-graphical and smaller package set
- RHEL CoreOS
-	- Similar to Fedora CoreOS. Based on RHEL content and the underlying OS for OpenShift
-	- Need to [use default authfile on pull](https://github.com/coreos/toolbox/pull/58/commits/413f83f7240d3c31121b557bfd55e489fad24489)
-    - Need to ensure compatibility with the rhel7/support-tools container 
-		- currently not a toolbox image, opportunity for collaboration
-	- Alignment with `oc debug node/` (OpenShift)
-		- `oc debug node` opens a shell on a kubernetes node
-		- Value in having a consistent environment for both `toolbox` in debugging mode and `oc debug node`
-
-## Distro support
-
-By default, Toolbox creates the container using an
-[OCI](https://www.opencontainers.org/) image called
-`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
-host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
-host would be `fedora-toolbox:33`.
-
-This default can be overridden by the `--image` option in `toolbox create`,
-but operating system distributors should provide an adequately configured
-default image to ensure a smooth user experience.
-
-## Image requirements
-
-Toolbox customizes newly created containers in a certain way. This requires
-certain tools and paths to be present and have certain characteristics inside
-the OCI image.
-
-Tools:
-* `getent(1)`
-* `id(1)`
-* `ln(1)`
-* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
-* `passwd(1)`
-* `readlink(1)`
-* `rm(1)`
-* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
-* `sleep(1)`
-* `test(1)`
-* `touch(1)`
-* `unlink(1)`
-* `useradd(8)`
-* `usermod(8)`
-
-Paths:
-* `/etc/host.conf`: optional, if present not a bind mount
-* `/etc/hosts`: optional, if present not a bind mount
-* `/etc/krb5.conf.d`: directory, not a bind mount
-* `/etc/localtime`: optional, if present not a bind mount
-* `/etc/resolv.conf`: optional, if present not a bind mount
-* `/etc/timezone`: optional, if present not a bind mount
-
-Toolbox enables `sudo(8)` access inside containers. The following is necessary
-for that to work:
-
-* The image should have `sudo(8)` enabled for users belonging to either the
-  `sudo` or `wheel` groups, and the group itself should exist. File an
-  [issue](https://github.com/containers/toolbox/issues/new) if you really need
-  support for a different group. However, it's preferable to keep this list as
-  short as possible.
-
-* The image should allow empty passwords for `sudo(8)`. This can be achieved
-  by either adding the `nullok` option to the `PAM(8)` configuration, or by
-  add the `NOPASSWD` tag to the `sudoers(5)` configuration.
-
-Since Toolbox only works with OCI images that fulfill certain requirements,
-it will refuse images that aren't tagged with
-`com.github.containers.toolbox="true"` and
-`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
-used by the maintainer of the image to indicate that they have read this
-document and tested that the image works with Toolbox. You can use the
-following snippet in a Dockerfile for this:
-```Dockerfile
-LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true"
-```
+[![Arch Linux package](https://img.shields.io/archlinux/v/extra/x86_64/toolbox?logo=archlinux)](https://www.archlinux.org/packages/extra/x86_64/toolbox/)
+[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide?logo=fedora)](https://src.fedoraproject.org/rpms/toolbox/)
+[![Ubuntu package](https://img.shields.io/badge/ubuntu-0.0.99.3%2Bgit20230118%2B446d7bfdef6a-orange?logo=ubuntu)](https://packages.ubuntu.com/noble/podman-toolbox)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,5 +1,5 @@
-## Security and Disclosure Information Policy for the Toolbox Project
+## Security and Disclosure Information Policy for the Toolbx Project

-The Toolbox Project follows the
-[Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md)
+The Toolbx Project follows the
+[Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md)
 for the Containers Projects.
--- a/completion/bash/toolbox
+++ b/completion/bash/toolbox
@ -1,85 +0,0 @@
-# Check for bash
-[ -z "$BASH_VERSION" ] && return
-
-__toolbox_containers() {
-  podman ps --all --format '{{.Names}}'
-}
-
-__toolbox_distros() {
-  echo "fedora"
-  echo "rhel"
-}
-
-__toolbox_images() {
-  podman images --format '{{.Repository}}:{{.Tag}}'
-}
-
-__toolbox() {
-  local MIN_VERSION=32
-  local RAWHIDE_VERSION=34
-
-  local commands="create enter help init-container list rm rmi run"
-
-  declare -A options
-  local options=([create]="--container --distro --image --release" \
-                 [enter]="--container --distro --release" \
-                 [help]="$commands" \
-                 [init-container]="--home --home-link --monitor-host --shell --uid --user" \
-		 [list]="--containers --images" \
-		 [rm]="--all --force" \
-		 [rmi]="--all --force" \
-		 [run]="--container --distro --release")
-
-  _init_completion -s || return
-
-  if [ "${COMP_CWORD}" -eq 1 ]; then
-    mapfile -t COMPREPLY < <(compgen -W "--assumeyes --help --verbose --very-verbose $commands" -- "$2")
-    return 0
-  fi
-
-  case "$prev" in
-    --verbose | -v | --very-verbose | -vv)
-      mapfile -t COMPREPLY < <(compgen -W "$commands" -- "$2")
-      return 0
-      ;;
-    --container | -c)
-      mapfile -t COMPREPLY < <(compgen -W "$(__toolbox_containers)" -- "$2")
-      return 0
-      ;;
-    --distro | -d)
-      mapfile -t COMPREPLY < <(compgen -W "$(__toolbox_distros)" -- "$2")
-      return 0
-      ;;
-    --image | -i)
-      mapfile -t COMPREPLY < <(compgen -W "$(__toolbox_images)" -- "$2")
-      return 0
-      ;;
-    --release | -r)
-      mapfile -t COMPREPLY < <(compgen -W "$(seq $MIN_VERSION $RAWHIDE_VERSION)" -- "$2")
-      return 0
-      ;;
-  esac
-
-  local command
-  if [ "${COMP_WORDS[1]}" = --verbose ] || [ "${COMP_WORDS[1]}" = --very-verbose ]; then
-    command=${COMP_WORDS[2]}
-  else
-    command=${COMP_WORDS[1]}
-  fi
-
-  local extra_comps
-  case "$command" in
-    rm)
-      extra_comps="$(__toolbox_containers)"
-      ;;&
-    rmi)
-      extra_comps="$(__toolbox_images)"
-      ;;&
-    *)
-      mapfile -t COMPREPLY < <(compgen -W "${options[$command]} $extra_comps" -- "$2")
-      return 0;
-      ;;
-  esac
-}
-
-complete -F __toolbox toolbox
--- a/data/config/meson.build
+++ b/data/config/meson.build
@ -0,0 +1,4 @@
+install_data(
+  'toolbox.conf',
+  install_dir: get_option('sysconfdir') / 'containers',
+)
--- a/data/config/toolbox.conf
+++ b/data/config/toolbox.conf
@ -0,0 +1,17 @@
+[general]
+# Create a toolbox container for a different operating system distro than the
+# host. Cannot be used with 'image'.
+## distro = "fedora"
+
+# Create a toolbox container for a different operating system release than the
+# host. Cannot be used with 'image'.
+## release = "33"
+
+# Change the name of the image used to create the toolbox container. This is
+# useful for creating containers from custom-built images. Cannot be used with
+# 'distro' or 'release'.
+#
+# If the name does not contain a registry, the local image storage will be
+# consulted, and if it's not present there then it will be pulled from a
+# suitable remote registry.
+## image = "registry.fedoraproject.org/fedora-toolbox:34"
--- a/data/gfx/CONTRIBUTING.gif
+++ b/data/gfx/CONTRIBUTING.gif
--- a/data/gfx/README.gif
+++ b/data/gfx/README.gif
--- a/data/gfx/powerup.gif
+++ b/data/gfx/powerup.gif
--- a/data/logo/toolbox-logo-landscape-BW.svg
+++ b/data/logo/toolbox-logo-landscape-BW.svg
--- a/data/logo/toolbox-logo-landscape-WB.svg
+++ b/data/logo/toolbox-logo-landscape-WB.svg
--- a/data/logo/toolbox-logo-landscape.svg
+++ b/data/logo/toolbox-logo-landscape.svg
--- a/data/logo/toolbox-logo-specimen.pdf
+++ b/data/logo/toolbox-logo-specimen.pdf
--- a/data/logo/toolbox-logo-specimen.svg
+++ b/data/logo/toolbox-logo-specimen.svg
--- a/data/logo/toolbox-logo.png
+++ b/data/logo/toolbox-logo.png
--- a/data/logo/toolbox-logo.svg
+++ b/data/logo/toolbox-logo.svg
--- a/data/meson.build
+++ b/data/meson.build
@ -1 +1,2 @@
+subdir('config')
 subdir('tmpfiles.d')
--- a/data/tmpfiles.d/toolbox.conf
+++ b/data/tmpfiles.d/toolbox.conf
@ -1 +1,2 @@
-d /run/media 0755 root root
+d /run/media 0755 root root - -
+L /run/host  -    -    -    - ../
--- a/doc/meson.build
+++ b/doc/meson.build
@ -4,28 +4,36 @@ go_md2man_command = [
  '-out', '@OUTPUT@',
 ]

-manuals = [
-  'toolbox.1',
-  'toolbox-create.1',
-  'toolbox-enter.1',
-  'toolbox-init-container.1',
-  'toolbox-help.1',
-  'toolbox-list.1',
-  'toolbox-rm.1',
-  'toolbox-rmi.1',
-  'toolbox-run.1',
-]
+manuals = {
+  '1': [
+    'toolbox',
+    'toolbox-create',
+    'toolbox-enter',
+    'toolbox-init-container',
+    'toolbox-help',
+    'toolbox-list',
+    'toolbox-rm',
+    'toolbox-rmi',
+    'toolbox-run',
+  ],
+  '5': [
+    'toolbox.conf',
+  ]
+}

-foreach manual: manuals
-  input = manual + '.md'
-  output = manual
+foreach section, pages: manuals
+  foreach page: pages
+    output = page + '.' + section
+    input = output + '.md'
+    sectiondir = 'man' + section

-  custom_target(
-    output,
-    command: go_md2man_command,
-    input: input,
-    install: true,
-    install_dir: join_paths(get_option('mandir'), 'man1'),
-    output: output,
-  )
+    custom_target(
+      output,
+      command: go_md2man_command,
+      input: input,
+      install: true,
+      install_dir: get_option('mandir') / sectiondir,
+      output: output,
+    )
+  endforeach
 endforeach
--- a/doc/toolbox-create.1.md
+++ b/doc/toolbox-create.1.md
@ -1,77 +1,141 @@
-% toolbox-create(1)
+% toolbox-create 1

 ## NAME
-toolbox\-create - Create a new toolbox container
+toolbox\-create - Create a new Toolbx container

 ## SYNOPSIS
-**toolbox create** [*--container NAME* | *-c NAME*]
+**toolbox create** [*--authfile FILE*]
               [*--distro DISTRO* | *-d DISTRO*]
               [*--image NAME* | *-i NAME*]
               [*--release RELEASE* | *-r RELEASE*]
+               [*CONTAINER*]

 ## DESCRIPTION

-Creates a new toolbox container. You can then use the `toolbox enter` command
+Creates a new Toolbx container. You can then use the `toolbox enter` command
 to interact with the container at any point.

-A toolbox container is an OCI container created from an OCI image. On Fedora
-the base image is known as `fedora-toolbox`. If the image is not present
-locally, then it is pulled from a well-known registry like
-`registry.fedoraproject.org`. The base image is locally customized for the
-current user to create a second image, from which the container is finally
-created.
+A Toolbx container is an OCI container created from an OCI image. On Fedora,
+the default image is known as `fedora-toolbox:N`, where N is the release of
+the host. If the image is not present locally, then it is pulled from a
+well-known registry like `registry.fedoraproject.org`. Other images may be
+used on other host operating systems. If the host is not recognized, then the
+Fedora image will be used.

-Toolbox containers and images are tagged with the version of the OS that
-corresponds to the content inside them. The user-specific images and the
-toolbox containers are prefixed with the name of the base image and suffixed
-with the current user name.
+The container is created with `podman create`, and its entry point is set to
+`toolbox init-container`.
+
+By default, a Toolbx container is named after its corresponding image. If the
+image had a tag, then the tag is included in the name of the container, but
+it's separated by a hyphen, not a colon. A different name can be assigned by
+using the CONTAINER argument.
+
+### Container Configuration
+
+A Toolbx container seamlessly integrates with the rest of the operating
+system by providing access to the user's home directory, the Wayland and X11
+sockets, networking (including Avahi), removable devices (like USB sticks),
+systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc..
+
+The user ID and account details from the host is propagated into the Toolbx
+container, SELinux label separation is disabled, and the host file system can
+be accessed by the container at /run/host. The container has access to the
+host's Kerberos credentials cache if it's configured to use KCM caches.
+
+A Toolbx container can be identified by the `com.github.containers.toolbox`
+label or the `/run/.toolboxenv` file.
+
+The entry point of a Toolbx container is the `toolbox init-container` command
+which plays a role in setting up the container, along with the options passed
+to `podman create`.
+
+### Entry Point
+
+A key feature of Toolbx containers is their entry point, the `toolbox
+init-container` command.
+
+OCI containers are inherently immutable. Configuration options passed through
+`podman create` are baked into the definition of the OCI container, and can't
+be changed later. This means that changes and improvements made in newer
+versions of Toolbx can't be applied to pre-existing Toolbx containers
+created by older versions of Toolbx. This is avoided by using the entry point
+to configure the container at runtime.
+
+The entry point of a Toolbx container customizes the container to fit the
+current user by ensuring that it has a user that matches the one on the host,
+and grants it `sudo` and `root` access.
+
+Crucial configuration files, such as `/etc/host.conf`, `/etc/hosts`,
+`/etc/localtime`, `/etc/resolv.conf` and `/etc/timezone`, inside the container
+are kept synchronized with the host. The entry point also bind mounts various
+subsets of the host's file system hierarchy to their corresponding locations
+inside the container to provide seamless integration with the host. This
+includes `/run/libvirt`, `/run/systemd/journal`, `/run/udev/data`,
+`/var/lib/libvirt`, `/var/lib/systemd/coredump`, `/var/log/journal` and others.
+
+On some host operating systems, important paths like `/home`, `/media` or
+`/mnt` are symbolic links to other locations. The entry point ensures that
+paths inside the container match those on the host, to avoid needless
+confusion.

 ## OPTIONS ##

-The following options are understood:
+**--authfile** FILE

-**--container** NAME, **-c** NAME
+Path to a FILE with credentials for authenticating to the registry for private
+images. The FILE is usually set using `podman login`, and will be used by
+`podman pull` to get the image.

-Assign a different NAME to the toolbox container. This is useful for creating
-multiple toolbox containers from the same base image, or for entirely
-customized containers from custom-built base images.
+The default location for FILE is `$XDG_RUNTIME_DIR/containers/auth.json` and
+its format is specified in `containers-auth.json(5)`.

 **--distro** DISTRO, **-d** DISTRO

-Create a toolbox container for a different operating system DISTRO than the
-host. Cannot be used with `--image`.
+Create a Toolbx container for a different operating system DISTRO than the
+host. Cannot be used with `--image`. Has to be coupled with `--release` unless
+the selected DISTRO matches the host.

 **--image** NAME, **-i** NAME

-Change the NAME of the base image used to create the toolbox container. This
-is useful for creating containers from custom-built base images. Cannot be used
-used with `--release`.
+Change the NAME of the image used to create the Toolbx container. This is
+useful for creating containers from custom-built images. Cannot be used with
+`--distro` and `--release`.
+
+If NAME does not contain a registry, the local image storage will be
+consulted, and if it's not present there then it will be pulled from a suitable
+remote registry.

 **--release** RELEASE, **-r** RELEASE

-Create a toolbox container for a different operating system RELEASE than the
+Create a Toolbx container for a different operating system RELEASE than the
 host. Cannot be used with `--image`.

 ## EXAMPLES

-### Create a toolbox container using the default image matching the host OS
+### Create the default Toolbx container matching the host OS

 ```
 $ toolbox create
 ```

-### Create a toolbox container using the default image for Fedora 30
+### Create the default Toolbx container for Fedora 36

 ```
-$ toolbox create --distro fedora --release f30
+$ toolbox create --distro fedora --release f36
 ```

-### Create a custom toolbox container from a custom image
+### Create a custom Toolbx container from a custom image

 ```
-$ toolbox create --container foo --image bar
+$ toolbox create --image bar foo
+```
+
+### Create a custom Toolbx container from a custom image that's private
+
+```
+$ toolbox create --authfile ~/auth.json --image registry.example.com/bar
 ```

 ## SEE ALSO

-`buildah(1)`, `podman(1)`
+`toolbox(1)`, `toolbox-init-container(1)`, `podman(1)`, `podman-create(1)`, `podman-login(1)`, `podman-pull(1)`, `containers-auth.json(5)`
--- a/doc/toolbox-enter.1.md
+++ b/doc/toolbox-enter.1.md
@ -1,68 +1,66 @@
-% toolbox-enter(1)
+% toolbox-enter 1

 ## NAME
-toolbox\-enter - Enter a toolbox container for interactive use
+toolbox\-enter - Enter a Toolbx container for interactive use

 ## SYNOPSIS
-**toolbox enter** [*--container NAME* | *-c NAME*]
-              [*--distro DISTRO* | *-d DISTRO*]
+**toolbox enter** [*--distro DISTRO* | *-d DISTRO*]
              [*--release RELEASE* | *-r RELEASE*]
+              [*CONTAINER*]

 ## DESCRIPTION

-Spawns an interactive shell inside a toolbox container. The container should
-have been created using the `toolbox create` command. If there aren't any
-containers, `toolbox enter` will offer to create one for you. When invoked with
-the default parameters, and if there's only one container available, it will
-fall back to it, even if it doesn't match the default name.
+Spawns an interactive shell inside a Toolbx container that was created using
+the `toolbox create` command. It tries to spawn the user's default shell, but
+if it's not available inside the container then it falls back to `/bin/bash`.

-A toolbox container is an OCI container. Therefore, `toolbox enter` is
+When invoked without any options, `toolbox enter` will try to enter the default
+Toolbx container for the host, or if there's only one container available then
+it will use it. On Fedora, the default container is known as
+`fedora-toolbox-N`, where N is the release of the host. If there aren't any
+containers, `toolbox enter` will offer to create the default one for you.
+
+A specific container can be selected using the CONTAINER argument.
+
+A Toolbx container is an OCI container. Therefore, `toolbox enter` is
 analogous to a `podman start` followed by a `podman exec`.

-By default, the toolbox containers are tagged with the version of the OS that
-corresponds to the content inside them. Their names are prefixed with the name
-of the base image and suffixed with the current user name.
-
 ## OPTIONS ##

 The following options are understood:

-**--container** NAME, **-c** NAME
-
-Enter a toolbox container with the given NAME. This is useful when there are
-multiple toolbox containers created from the same base image, or entirely
-customized containers created from custom-built base images.
-
 **--distro** DISTRO, **-d** DISTRO

-Enter a toolbox container for a different operating system DISTRO than the
+Enter a Toolbx container for a different operating system DISTRO than the
+host. Has to be coupled with `--release` unless the selected DISTRO matches the
 host.

 **--release** RELEASE, **-r** RELEASE

-Enter a toolbox container for a different operating system RELEASE than the
+Enter a Toolbx container for a different operating system RELEASE than the
 host.

 ## EXAMPLES

-### Enter a toolbox container using the default image matching the host OS
+### Enter the default Toolbx container matching the host OS

 ```
 $ toolbox enter
 ```

-### Enter a toolbox container using the default image for Fedora 30
+### Enter the default Toolbx container for Fedora 36

 ```
-$ toolbox enter --distro fedora --release f30
+$ toolbox enter --distro fedora --release f36
 ```

-### Enter a custom toolbox container using a custom image
+### Enter a Toolbx container with a custom name

 ```
-$ toolbox enter --container foo
+$ toolbox enter foo
 ```

 ## SEE ALSO

-`buildah(1)`, `podman(1)`, `podman-exec(1)`, `podman-start(1)`
+`toolbox(1)`, `toolbox-run(1)`, `podman(1)`, `podman-exec(1)`,
+`podman-start(1)`
--- a/doc/toolbox-help.1.md
+++ b/doc/toolbox-help.1.md
@ -1,7 +1,7 @@
-% toolbox-help(1)
+% toolbox-help 1

 ## NAME
-toolbox\-help - Display help information about Toolbox
+toolbox\-help - Display help information about Toolbx

 ## SYNOPSIS
 **toolbox help** [*COMMAND*]
@ -29,3 +29,7 @@ $ toolbox help
 ```
 $ toolbox help create
 ```
+
+## SEE ALSO
+
+`toolbox(1)`
--- a/doc/toolbox-init-container.1.md
+++ b/doc/toolbox-init-container.1.md
@ -1,14 +1,14 @@
-% toolbox-init-container(1)
+% toolbox-init-container 1

 ## NAME
 toolbox\-init\-container - Initialize a running container

 ## SYNOPSIS
-**toolbox init-container** *--home HOME*
+**toolbox init-container** *--gid GID*
+                       *--home HOME*
                       *--home-link*
                       *--media-link*
                       *--mnt-link*
-                       *--monitor-host*
                       *--shell SHELL*
                       *--uid UID*
                       *--user USER*
@ -16,17 +16,50 @@ toolbox\-init\-container - Initialize a running container
 ## DESCRIPTION

 Initializes a newly created container that's running. It is primarily meant to
-be used as the entry point for all toolbox containers, and must be run inside
+be used as the entry point for all Toolbx containers, and must be run inside
 the container that's to be initialized. It is not expected to be directly
 invoked by humans, and cannot be used on the host.

+A key feature of Toolbx containers is their entry point, the `toolbox
+init-container` command.
+
+OCI containers are inherently immutable. Configuration options passed through
+`podman create` are baked into the definition of the OCI container, and can't
+be changed later. This means that changes and improvements made in newer
+versions of Toolbx can't be applied to pre-existing Toolbx containers
+created by older versions of Toolbx. This is avoided by using the entry point
+to configure the container at runtime.
+
+The entry point of a Toolbx container customizes the container to fit the
+current user by ensuring that it has a user that matches the one on the host,
+and grants it `sudo` and `root` access.
+
+Crucial configuration files, such as `/etc/host.conf`, `/etc/hosts`,
+`/etc/localtime`, `/etc/resolv.conf` and `/etc/timezone`, inside the container
+are kept synchronized with the host. The entry point also bind mounts various
+subsets of the host's file system hierarchy to their corresponding locations
+inside the container to provide seamless integration with the host. This
+includes `/run/libvirt`, `/run/systemd/journal`, `/run/udev/data`,
+`/var/lib/libvirt`, `/var/lib/systemd/coredump`, `/var/log/journal` and others.
+
+On some host operating systems, important paths like `/home`, `/media` or
+`/mnt` are symbolic links to other locations. The entry point ensures that
+paths inside the container match those on the host, to avoid needless
+confusion.
+
 ## OPTIONS ##

 The following options are understood:

+**--gid** GID
+
+Pass GID as the user's numerical group ID from the host to the Toolbx
+container.
+
 **--home** HOME

-Create a user inside the toolbox container whose login directory is HOME.
+Create a user inside the Toolbx container whose login directory is HOME. This
+option is required.

 **--home-link**

@ -42,22 +75,28 @@ Make `/mnt` a symbolic link to `/var/mnt`.

 **--monitor-host**

-Ensure that certain configuration files inside the toolbox container are kept
-synchronized with their counterparts on the host. Currently, these files are
-`/etc/hosts` and `/etc/resolv.conf`.
+Deprecated, does nothing.
+
+Crucial configuration files inside the Toolbx container are always kept
+synchronized with their counterparts on the host, and various subsets of the
+host's file system hierarchy are always bind mounted to their corresponding
+locations inside the Toolbx container.

 **--shell** SHELL

-Create a user inside the toolbox container whose login shell is SHELL.
+Create a user inside the Toolbx container whose login shell is SHELL. This
+option is required.

 **--uid** UID

-Create a user inside the toolbox container whose numerical user ID is UID.
+Create a user inside the Toolbx container whose numerical user ID is UID. This
+option is required.

 **--user** USER

-Create a user inside the toolbox container whose login name is LOGIN.
+Create a user inside the Toolbx container whose login name is LOGIN. This
+option is required.

 ## SEE ALSO

-`podman(1)`, `podman-create(1)`, `podman-start(1)`
+`toolbox(1)`, `podman(1)`, `podman-create(1)`, `podman-start(1)`
--- a/doc/toolbox-list.1.md
+++ b/doc/toolbox-list.1.md
@ -1,15 +1,15 @@
-% toolbox-list(1)
+% toolbox-list 1

 ## NAME
-toolbox\-list - List existing toolbox containers and images
+toolbox\-list - List existing Toolbx containers and images

 ## SYNOPSIS
 **toolbox list** [*--containers* | *-c*] [*--images* | *-i*]

 ## DESCRIPTION

-Lists existing toolbox containers and images. These are OCI containers and
-images, which can be managed directly with tools like `buildah` and `podman`.
+Lists existing Toolbx containers and images. These are OCI containers and
+images, which can be managed directly with a tool like `podman`.

 ## OPTIONS ##

@ -17,27 +17,27 @@ The following options are understood:

 **--containers, -c**

-List only toolbox containers, not images.
+List only Toolbx containers, not images.

 **--images, -i**

-List only toolbox images, not containers.
+List only Toolbx images, not containers.

 ## EXAMPLES

-### List all existing toolbox containers and images
+### List all existing Toolbx containers and images

 ```
 $ toolbox list
 ```

-### List existing toolbox containers only
+### List existing Toolbx containers only

 ```
 $ toolbox list --containers
 ```

-### List existing toolbox images only
+### List existing Toolbx images only

 ```
 $ toolbox list --images
@ -45,4 +45,4 @@ $ toolbox list --images

 ## SEE ALSO

-`buildah(1)`, `podman(1)`
+`toolbox(1)`, `podman(1)`, `podman-ps(1)`, `podman-images(1)`
--- a/doc/toolbox-rm.1.md
+++ b/doc/toolbox-rm.1.md
@ -1,17 +1,17 @@
-% toolbox-rm(1)
+% toolbox-rm 1

 ## NAME
-toolbox\-rm - Remove one or more toolbox containers
+toolbox\-rm - Remove one or more Toolbx containers

 ## SYNOPSIS
-**toolbox rm** [*--all*] [*--force*] [*CONTAINER*...]
+**toolbox rm** [*--all* | *-a*] [*--force* | *-f*] [*CONTAINER*...]

 ## DESCRIPTION

-Removes one or more toolbox containers from the host. The container should
+Removes one or more Toolbx containers from the host. The container should
 have been created using the `toolbox create` command.

-A toolbox container is an OCI container. Therefore, `toolbox rm` can be used
+A Toolbx container is an OCI container. Therefore, `toolbox rm` can be used
 interchangeably with `podman rm`.

 ## OPTIONS ##
@ -20,28 +20,28 @@ The following options are understood:

 **--all, -a**

-Remove all toolbox containers. It can be used in conjuction with `--force` as
+Remove all Toolbx containers. It can be used in conjunction with `--force` as
 well.

 **--force, -f**

-Force the removal of running and paused toolbox containers.
+Force the removal of running and paused Toolbx containers.

 ## EXAMPLES

-### Remove a toolbox container named `fedora-toolbox-gegl:30`
+### Remove a Toolbx container named `fedora-toolbox-gegl:36`

 ```
-$ toolbox rm fedora-toolbox-gegl:30
+$ toolbox rm fedora-toolbox-gegl:36
 ```

-### Remove all toolbox containers, but not those that are running or paused
+### Remove all Toolbx containers, but not those that are running or paused

 ```
 $ toolbox rm --all
 ```

-### Remove all toolbox containers, including ones that are running or paused
+### Remove all Toolbx containers, including ones that are running or paused

 ```
 $ toolbox rm --all --force
@ -49,4 +49,4 @@ $ toolbox rm --all --force

 ## SEE ALSO

-`buildah(1)`, `podman(1)`, `podman-rm(1)`
+`toolbox(1)`, `podman(1)`, `podman-rm(1)`
--- a/doc/toolbox-rmi.1.md
+++ b/doc/toolbox-rmi.1.md
@ -1,17 +1,17 @@
-% toolbox-rmi(1)
+% toolbox-rmi 1

 ## NAME
-toolbox\-rmi - Remove one or more toolbox images
+toolbox\-rmi - Remove one or more Toolbx images

 ## SYNOPSIS
-**toolbox rmi** [*--all*] [*--force*] [*IMAGE*...]
+**toolbox rmi** [*--all* | *-a*] [*--force* | *-f*] [*IMAGE*...]

 ## DESCRIPTION

-Removes one or more toolbox images from the host. The image should have been
+Removes one or more Toolbx images from the host. The image should have been
 created using the `toolbox create` command.

-A toolbox image is an OCI image. Therefore, `toolbox rmi` can be used
+A Toolbx image is an OCI image. Therefore, `toolbox rmi` can be used
 interchangeably with `podman rmi`.

 ## OPTIONS ##
@ -20,28 +20,28 @@ The following options are understood:

 **--all, -a**

-Remove all toolbox images. It can be used in conjuction with `--force` as well.
+Remove all Toolbx images. It can be used in conjunction with `--force` as well.

 **--force, -f**

-Force the removal of toolbox images that are used by toolbox containers. The
+Force the removal of Toolbx images that are used by Toolbx containers. The
 dependent containers will be removed as well.

 ## EXAMPLES

-### Remove a toolbox image named `localhost/fedora-toolbox-gegl:30`
+### Remove a Toolbx image named `localhost/fedora-toolbox-gegl:36`

 ```
-$ toolbox rmi localhost/fedora-toolbox-gegl:30
+$ toolbox rmi localhost/fedora-toolbox-gegl:36
 ```

-### Remove all toolbox images, but not those that are used by containers
+### Remove all Toolbx images, but not those that are used by containers

 ```
 $ toolbox rmi --all
 ```

-### Remove all toolbox images and their dependent containers
+### Remove all Toolbx images and their dependent containers

 ```
 $ toolbox rmi --all --force
@ -49,4 +49,4 @@ $ toolbox rmi --all --force

 ## SEE ALSO

-`buildah(1)`, `podman(1)`, `podman-rmi(1)`
+`toolbox(1)`, `podman(1)`, `podman-rmi(1)`
--- a/doc/toolbox-run.1.md
+++ b/doc/toolbox-run.1.md
@ -1,24 +1,26 @@
-% toolbox-run(1)
+% toolbox-run 1

 ## NAME
-toolbox\-run - Run a command in an existing toolbox container
+toolbox\-run - Run a command in an existing Toolbx container

 ## SYNOPSIS
 **toolbox run** [*--container NAME* | *-c NAME*]
            [*--distro DISTRO* | *-d DISTRO*]
-            [*--release RELEASE* | *-r RELEASE*] [*COMMAND*]
+            [*--preserve-fds N*]
+            [*--release RELEASE* | *-r RELEASE*]
+            [*COMMAND*]

 ## DESCRIPTION

-Runs a command inside an existing toolbox container. The container should have
+Runs a command inside an existing Toolbx container. The container should have
 been created using the `toolbox create` command.

-A toolbox container is an OCI container. Therefore, `toolbox run` is analogous
-to a `podman start` followed by a `podman exec`.
+On Fedora, the default container is known as `fedora-toolbox-N`, where N is
+the release of the host. A specific container can be selected using the
+`--container` option.

-By default, the toolbox containers are tagged with the version of the OS that
-corresponds to the content inside them. Their names are prefixed with the name
-of the base image and suffixed with the current user name.
+A Toolbx container is an OCI container. Therefore, `toolbox run` is analogous
+to a `podman start` followed by a `podman exec`.

 ## OPTIONS ##

@ -26,35 +28,76 @@ The following options are understood:

 **--container** NAME, **-c** NAME

-Run command inside a toolbox container with the given NAME. This is useful
-when there are multiple toolbox containers created from the same base image,
-or entirely customized containers created from custom-built base images.
+Run command inside a Toolbx container with the given NAME. This is useful
+when there are multiple Toolbx containers created from the same image, or
+entirely customized containers created from custom-built images.

 **--distro** DISTRO, **-d** DISTRO

-Run command inside a toolbox container for a different operating system DISTRO
-than the host.
+Run command inside a Toolbx container for a different operating system DISTRO
+than the host. Has to be coupled with `--release` unless the selected DISTRO
+matches the host system.
+
+**--preserve-fds** N
+
+Pass down to command N additional file descriptors (in addition to 0, 1,
+2). The total number of file descriptors will be 3+N.

 **--release** RELEASE, **-r** RELEASE

-Run command inside a toolbox container for a different operating system
+Run command inside a Toolbx container for a different operating system
 RELEASE than the host.

+## EXIT STATUS
+
+The exit code gives information about why the command within the container
+failed to run or why it exited.
+
+**1** There was an internal error in Toolbx
+
+**125** There was an internal error in Podman
+
+**126** The run command could not be invoked
+
+```
+$ toolbox run /etc; echo $?
+/bin/sh: line 1: /etc: Is a directory
+/bin/sh: line 1: exec: /etc: cannot execute: Is a directory
+Error: failed to invoke command /etc in container fedora-toolbox-36
+126
+```
+
+**127** The run command cannot be found or the working directory does not exist
+
+```
+$ toolbox run foo; echo $?
+/bin/sh: line 1: exec: foo: not found
+Error: command foo not found in container fedora-toolbox-36
+127
+```
+
+**Exit code** The run command exit code
+
+```
+$ toolbox run false; echo $?
+1
+```
+
 ## EXAMPLES

-### Run ls inside a toolbox container using the default image matching the host OS
+### Run ls inside the default Toolbx container matching the host OS

 ```
 $ toolbox run ls -la
 ```

-### Run emacs inside a toolbox container using the default image for Fedora 30
+### Run emacs inside the default Toolbx container for Fedora 36

 ```
-$ toolbox run --distro fedora --release f30 emacs
+$ toolbox run --distro fedora --release f36 emacs
 ```

-### Run uptime inside a custom toolbox container using a custom image
+### Run uptime inside a Toolbx container with a custom name

 ```
 $ toolbox run --container foo uptime
@ -62,4 +105,4 @@ $ toolbox run --container foo uptime

 ## SEE ALSO

-`buildah(1)`, `podman(1)`, `podman-exec(1)`, `podman-start(1)`
+`toolbox(1)`, `podman(1)`, `podman-exec(1)`, `podman-start(1)`
--- a/doc/toolbox.1.md
+++ b/doc/toolbox.1.md
@ -1,34 +1,104 @@
-% toolbox(1)
+% toolbox 1

 ## NAME
-toolbox - Unprivileged development environment
+toolbox - Tool for interactive command line environments on Linux

 ## SYNOPSIS
-**toolbox** [*--verbose* | *-v*] *COMMAND* [*ARGS*]
+**toolbox** [*--assumeyes* | *-y*]
+        [*--help* | *-h*]
+        [*--log-level LEVEL*]
+        [*--log-podman*]
+        [*--verbose* | *-v*]
+        *COMMAND* [*ARGS*...]

 ## DESCRIPTION

-Toolbox is a tool that offers a familiar RPM based environment for developing
-and debugging software that runs fully unprivileged using Podman.
+Toolbx is a tool for Linux, which allows the use of interactive command line
+environments for software development and troubleshooting the host operating
+system, without having to install software on the host. It is built on top of
+Podman and other standard container technologies from OCI.

-The toolbox container is a fully *mutable* container; when you see
-`yum install ansible` for example, that's something you can do inside your
-toolbox container, without affecting the base operating system.
+Toolbx environments have seamless access to the user’s home directory, the
+Wayland and X11 sockets, networking (including Avahi), removable devices (like
+USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
+database, etc..

-This is particularly useful on OSTree based Fedora systems like Silverblue.
-The intention of these systems is to discourage installation of software on
-the host, and instead install software as (or in) containers.
+This is particularly useful on OSTree based operating systems like Fedora
+CoreOS and Silverblue. The intention of these systems is to discourage
+installation of software on the host, and instead install software as (or in)
+containers — they mostly don't even have package managers like DNF or YUM.
+This makes it difficult to set up a development environment or troubleshoot
+the operating system in the usual way.

-However this tool doesn't *require* using an OSTree based system — it works
-equally well if you're running e.g. existing Fedora Workstation or Server, and
-that's a useful way to incrementally adopt containerization.
+Toolbx solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.

-The toolbox environment is based on an OCI image. On Fedora this is the
-`fedora-toolbox` image. This image is then customized for the current user to
-create a toolbox container that seamlessly integrates with the rest of the
-operating system.
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.

-## OPTIONS ##
+The Toolbx environment is based on an OCI image. On Fedora this is the
+`fedora-toolbox` image. This image is used to create a Toolbx container that
+offers the interactive command line environment.
+
+Note that Toolbx makes no promise about security beyond what’s already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+## Supported operating system distributions
+
+By default, Toolbx tries to use an image matching the host operating system
+distribution for creating containers. If the host is not supported, then it
+falls back to a Fedora image. Supported host operating systems are:
+
+* Arch Linux
+* Fedora
+* Red Hat Enterprise Linux >= 8.5
+* Ubuntu
+
+However, it's possible to create containers for a different distribution
+through the use of the `--distro` and `--release` options that are accepted by
+the relevant commands, or their counterparts in the configuration file. The
+`--distro` flag specifies the name of the distribution, and `--release`
+specifies its version. Supported combinations are:
+
+Distro |Release
+-------|----------
+arch   |latest or rolling
+fedora |\<release\> or f\<release\> eg., 36 or f36
+rhel   |\<major\>.\<minor\> eg., 8.5
+ubuntu |\<YY\>.\<MM\> eg., 22.04
+
+## USAGE
+
+### Create a Toolbx container:
+
+```
+[user@hostname ~]$ toolbox create
+Image required to create toolbox container.
+Download registry.fedoraproject.org/fedora-toolbox:36 (294.1MB)? [y/N]: y
+Created container: fedora-toolbox-36
+Enter with: toolbox enter
+[user@hostname ~]$
+```
+
+### Enter the Toolbx container:
+
+```
+[user@hostname ~]$ toolbox enter
+⬢[user@toolbox ~]$
+```
+
+### Remove the Toolbx container:
+
+```
+[user@hostname ~]$ toolbox rm fedora-toolbox-36
+[user@hostname ~]$
+```
+
+## GLOBAL OPTIONS ##

 The following options are understood:

@ -40,26 +110,35 @@ Automatically answer yes for all questions.

 Print a synopsis of this manual and exit.

+**--log-level**=*level*
+
+Log messages above specified level: debug, info, warn, error, fatal or panic
+(default: error)
+
+**--log-podman**
+
+Show log messages of invocations of Podman based on the logging level specified
+by option **log-level**.
+
 **--verbose, -v**

-Print debug information including standard error stream of internal commands.
-Use `-vv` for more detail.
+Same as `--log-level=debug`. Use `-vv` to include `--log-podman`.

 ## COMMANDS

-Commands for working with toolbox containers and images:
+Commands for working with Toolbx containers and images:

 **toolbox-create(1)**

-Create a new toolbox container.
+Create a new Toolbx container.

 **toolbox-enter(1)**

-Enter a toolbox container for interactive use.
+Enter a Toolbx container for interactive use.

 **toolbox-help(1)**

-Display help information about Toolbox.
+Display help information about Toolbx.

 **toolbox-init-container(1)**

@ -67,20 +146,26 @@ Initialize a running container.

 **toolbox-list(1)**

-List existing toolbox containers and images.
+List existing Toolbx containers and images.

 **toolbox-rm(1)**

-Remove one or more toolbox containers.
+Remove one or more Toolbx containers.

 **toolbox-rmi(1)**

-Remove one or more toolbox images.
+Remove one or more Toolbx images.

 **toolbox-run(1)**

-Run a command in an existing toolbox container.
+Run a command in an existing Toolbx container.
+
+## FILES ##
+
+**toolbox.conf(5)**
+
+Toolbx configuration file.

 ## SEE ALSO

-`buildah(1)`, `podman(1)`
+`podman(1)`, https://github.com/containers/toolbox
--- a/doc/toolbox.conf.5.md
+++ b/doc/toolbox.conf.5.md
@ -0,0 +1,67 @@
+% toolbox.conf 5
+
+## NAME
+toolbox.conf - Toolbx configuration file
+
+## DESCRIPTION
+
+Persistently overrides the default behaviour of `toolbox(1)`. The syntax is
+TOML and the names of the options match their command line counterparts.
+Currently, the only supported section is *general*.
+
+## OPTIONS
+
+**distro** = "DISTRO"
+
+Create a Toolbx container for a different operating system DISTRO than the
+host. Cannot be used with `image`.
+
+**image** = "NAME"
+
+Change the NAME of the image used to create the Toolbx container. This is
+useful for creating containers from custom-built images. Cannot be used with
+`distro` and `release`.
+
+If NAME does not contain a registry, the local image storage will be
+consulted, and if it's not present there then it will be pulled from a suitable
+remote registry.
+
+**release** = "RELEASE"
+
+Create a Toolbx container for a different operating system RELEASE than the
+host. Cannot be used with `image`.
+
+## FILES
+
+The following locations are looked up in increasing order of priority:
+
+**/etc/containers/toolbox.conf**
+
+This is meant to be provided by the operating system distributor or the system
+administrator, and affects all users on the host.
+
+Fields specified here can be overridden by any of the files below.
+
+**$XDG_CONFIG_HOME/containers/toolbox.conf**
+
+This is meant for user-specific changes. Fields specified here override any of
+the files above.
+
+## EXAMPLES
+
+### Override the default operating system distro:
+```
+[general]
+distro = "fedora"
+release = "36"
+```
+
+### Override the default image:
+```
+[general]
+image = "registry.fedoraproject.org/fedora-toolbox:36"
+```
+
+## SEE ALSO
+
+`toolbox(1)`, `toolbox-create(1)`
--- a/4
+++ b/4
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright © 2019 - 2020 Red Hat, Inc.
+# Copyright © 2019 – 2024 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -77,4 +77,4 @@ case $1 in
        ;;
    * )
        exit 1
-esac
+esac
--- a/images/arch/Containerfile
+++ b/images/arch/Containerfile
@ -0,0 +1,28 @@
+FROM docker.io/library/archlinux:base-devel
+
+LABEL com.github.containers.toolbox="true" \
+      name="arch-toolbox" \
+      version="base-devel" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating Arch Linux Toolbx containers" \
+      maintainer="Morten Linderud <foxboron@archlinux.org>"
+
+# Install extra packages
+COPY extra-packages /
+RUN pacman -Syu --needed --noconfirm - < extra-packages
+RUN rm /extra-packages
+
+# Enable man pages, enable progress bars
+RUN sed -i -e 's/NoProgressBar/#NoProgressBar/' -e 's/NoExtract/#NoExtract/' /etc/pacman.conf
+
+# Force reinstall of packages which have man pages (shouldn't redownload any that were just upgraded)
+RUN mkdir -p /usr/share/man && pacman -Qo /usr/share/man | awk '{print $5}' | xargs pacman -S --noconfirm man-db
+
+# Clean up cache
+RUN yes | pacman -Scc
+
+# Enable sudo permission for wheel users
+RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/toolbox
+
+# Enable the use of p11-kit-client.so to access CA certificates from the host
+RUN mkdir --parents /etc/pkcs11/modules
--- a/images/arch/extra-packages
+++ b/images/arch/extra-packages
@ -0,0 +1,27 @@
+bash-completion
+diffutils
+flatpak-xdg-utils
+git
+gnupg
+keyutils
+libp11-kit
+lsof
+man-db
+man-pages
+mlocate
+mtr
+nss-mdns
+openssh
+pigz
+procps-ng
+rsync
+tcpdump
+time
+traceroute
+tree
+unzip
+vte-common
+wget
+words
+xorg-xauth
+zip
--- a/images/fedora/f28/Containerfile
+++ b/images/fedora/f28/Containerfile
@ -1,7 +1,7 @@
 FROM registry.fedoraproject.org/fedora:28

 ENV NAME=fedora-toolbox VERSION=28
-LABEL com.github.debarshiray.toolbox="true" \
+LABEL com.github.containers.toolbox="true" \
      com.redhat.component="$NAME" \
      name="$FGC/$NAME" \
      version="$VERSION" \
--- a/images/fedora/f29/Containerfile
+++ b/images/fedora/f29/Containerfile
@ -2,7 +2,6 @@ FROM registry.fedoraproject.org/fedora:29

 ENV NAME=fedora-toolbox VERSION=29
 LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true" \
      com.redhat.component="$NAME" \
      name="$FGC/$NAME" \
      version="$VERSION" \
--- a/images/fedora/f30/Containerfile
+++ b/images/fedora/f30/Containerfile
@ -2,7 +2,6 @@ FROM registry.fedoraproject.org/fedora:30

 ENV NAME=fedora-toolbox VERSION=30
 LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true" \
      com.redhat.component="$NAME" \
      name="$FGC/$NAME" \
      version="$VERSION" \
--- a/images/fedora/f31/Containerfile
+++ b/images/fedora/f31/Containerfile
@ -2,7 +2,6 @@ FROM registry.fedoraproject.org/fedora:31

 ENV NAME=fedora-toolbox VERSION=31
 LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true" \
      com.redhat.component="$NAME" \
      name="$FGC/$NAME" \
      version="$VERSION" \
--- a/images/fedora/f32/Containerfile
+++ b/images/fedora/f32/Containerfile
@ -2,9 +2,8 @@ FROM registry.fedoraproject.org/fedora:32

 ENV NAME=fedora-toolbox VERSION=32
 LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true" \
      com.redhat.component="$NAME" \
-      name="$FGC/$NAME" \
+      name="$NAME" \
      version="$VERSION" \
      usage="This image is meant to be used with the toolbox command" \
      summary="Base image for creating Fedora toolbox containers" \
--- a/images/fedora/f32/README.md
+++ b/images/fedora/f32/README.md
@ -1 +0,0 @@
-../../../README.md
--- a/images/fedora/f32/README.md
+++ b/images/fedora/f32/README.md
@ -0,0 +1,163 @@
+<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
+
+[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
+[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
+
+[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
+[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
+
+[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
+systems, which allows the use of containerized command line environments. It is
+built on top of [Podman](https://podman.io/) and other standard container
+technologies from [OCI](https://opencontainers.org/).
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or install tools for debugging in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and debugging tools, editors
+and SDKs. For example, it's possible to do `yum install ansible` without
+affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that seamlessly integrates with the rest of the
+operating system by providing access to the user's home directory, the Wayland
+and X11 sockets, SSH agent, etc..
+
+## Installation
+
+Toolbox is installed by default on Fedora Silverblue. On other operating
+systems it's just a matter of installing the `toolbox` package.
+
+## Usage
+
+### Create your toolbox container:
+```console
+[user@hostname ~]$ toolbox create
+Created container: fedora-toolbox-33
+Enter with: toolbox enter
+[user@hostname ~]$
+```
+This will create a container called `fedora-toolbox-<version-id>`.
+
+### Enter the toolbox:
+```console
+[user@hostname ~]$ toolbox enter
+⬢[user@toolbox ~]$
+```
+
+### Remove a toolbox container:
+```console
+[user@hostname ~]$ toolbox rm fedora-toolbox-33
+[user@hostname ~]$
+```
+
+## Dependencies and Building
+
+Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
+system.
+
+The following dependencies are required to build it:
+- meson
+- go-md2man
+- systemd
+- go
+- ninja
+
+The following dependencies enable various optional features:
+- bash-completion
+
+It can be built and installed as any other typical Meson-based project:
+```console
+[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
+[user@hostname toolbox]$ ninja -C builddir
+[user@hostname toolbox]$ sudo ninja -C builddir install
+```
+
+Toolbox is written in Go. Consult the
+[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
+for a full list of all the Go dependencies.
+
+By default, Toolbox uses Go modules and all the required Go packages are
+automatically downloaded as part of the build. There's no need to worry about
+the Go dependencies, unless the build environment doesn't have network access
+or any such peculiarities.
+
+## Distro support
+
+By default, Toolbox creates the container using an
+[OCI](https://www.opencontainers.org/) image called
+`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
+host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
+host would be `fedora-toolbox:33`.
+
+This default can be overridden by the `--image` option in `toolbox create`,
+but operating system distributors should provide an adequately configured
+default image to ensure a smooth user experience.
+
+## Image requirements
+
+Toolbox customizes newly created containers in a certain way. This requires
+certain tools and paths to be present and have certain characteristics inside
+the OCI image.
+
+Tools:
+* `getent(1)`
+* `id(1)`
+* `ln(1)`
+* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `passwd(1)`
+* `readlink(1)`
+* `rm(1)`
+* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `sleep(1)`
+* `test(1)`
+* `touch(1)`
+* `unlink(1)`
+* `useradd(8)`
+* `usermod(8)`
+
+Paths:
+* `/etc/host.conf`: optional, if present not a bind mount
+* `/etc/hosts`: optional, if present not a bind mount
+* `/etc/krb5.conf.d`: directory, not a bind mount
+* `/etc/localtime`: optional, if present not a bind mount
+* `/etc/resolv.conf`: optional, if present not a bind mount
+* `/etc/timezone`: optional, if present not a bind mount
+
+Toolbox enables `sudo(8)` access inside containers. The following is necessary
+for that to work:
+
+* The image should have `sudo(8)` enabled for users belonging to either the
+  `sudo` or `wheel` groups, and the group itself should exist. File an
+  [issue](https://github.com/containers/toolbox/issues/new) if you really need
+  support for a different group. However, it's preferable to keep this list as
+  short as possible.
+
+* The image should allow empty passwords for `sudo(8)`. This can be achieved
+  by either adding the `nullok` option to the `PAM(8)` configuration, or by
+  add the `NOPASSWD` tag to the `sudoers(5)` configuration.
+
+Since Toolbox only works with OCI images that fulfill certain requirements,
+it will refuse images that aren't tagged with
+`com.github.containers.toolbox="true"` and
+`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
+used by the maintainer of the image to indicate that they have read this
+document and tested that the image works with Toolbox. You can use the
+following snippet in a Dockerfile for this:
+```Dockerfile
+LABEL com.github.containers.toolbox="true"
+```
+The label `com.github.debarshiray.toolbox="true"` was used in previous versions
+of toolbox but is currently deprecated.
--- a/images/fedora/f33/Containerfile
+++ b/images/fedora/f33/Containerfile
@ -2,9 +2,8 @@ FROM registry.fedoraproject.org/fedora:33

 ENV NAME=fedora-toolbox VERSION=33
 LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true" \
      com.redhat.component="$NAME" \
-      name="$FGC/$NAME" \
+      name="$NAME" \
      version="$VERSION" \
      usage="This image is meant to be used with the toolbox command" \
      summary="Base image for creating Fedora toolbox containers" \
--- a/images/fedora/f33/README.md
+++ b/images/fedora/f33/README.md
@ -1 +0,0 @@
-../../../README.md
--- a/images/fedora/f33/README.md
+++ b/images/fedora/f33/README.md
@ -0,0 +1,167 @@
+<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
+
+[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
+[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
+
+[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
+[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
+
+[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
+systems, which allows the use of containerized command line environments. It is
+built on top of [Podman](https://podman.io/) and other standard container
+technologies from [OCI](https://opencontainers.org/).
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or install tools for debugging in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and debugging tools, editors
+and SDKs. For example, it's possible to do `yum install ansible` without
+affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that seamlessly integrates with the rest of the
+operating system by providing access to the user's home directory, the Wayland
+and X11 sockets, networking (including Avahi), removable devices (like USB
+sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
+database, etc..
+
+
+## Installation
+
+Toolbox is installed by default on Fedora Silverblue. On other operating
+systems it's just a matter of installing the `toolbox` package.
+
+## Usage
+
+### Create your toolbox container:
+```console
+[user@hostname ~]$ toolbox create
+Created container: fedora-toolbox-33
+Enter with: toolbox enter
+[user@hostname ~]$
+```
+This will create a container called `fedora-toolbox-<version-id>`.
+
+### Enter the toolbox:
+```console
+[user@hostname ~]$ toolbox enter
+⬢[user@toolbox ~]$
+```
+
+### Remove a toolbox container:
+```console
+[user@hostname ~]$ toolbox rm fedora-toolbox-33
+[user@hostname ~]$
+```
+
+## Dependencies and Building
+
+Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
+system.
+
+The following dependencies are required to build it:
+- meson
+- go-md2man
+- systemd
+- go
+- ninja
+
+The following dependencies enable various optional features:
+- bash-completion
+
+It can be built and installed as any other typical Meson-based project:
+```console
+[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
+[user@hostname toolbox]$ ninja -C builddir
+[user@hostname toolbox]$ sudo ninja -C builddir install
+```
+
+Toolbox is written in Go. Consult the
+[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
+for a full list of all the Go dependencies.
+
+By default, Toolbox uses Go modules and all the required Go packages are
+automatically downloaded as part of the build. There's no need to worry about
+the Go dependencies, unless the build environment doesn't have network access
+or any such peculiarities.
+
+## Distro support
+
+By default, Toolbox creates the container using an
+[OCI](https://www.opencontainers.org/) image called
+`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
+host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
+host would be `fedora-toolbox:33`.
+
+This default can be overridden by the `--image` option in `toolbox create`,
+but operating system distributors should provide an adequately configured
+default image to ensure a smooth user experience.
+
+## Image requirements
+
+Toolbox customizes newly created containers in a certain way. This requires
+certain tools and paths to be present and have certain characteristics inside
+the OCI image.
+
+Tools:
+* `getent(1)`
+* `id(1)`
+* `ln(1)`
+* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `passwd(1)`
+* `readlink(1)`
+* `rm(1)`
+* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `sleep(1)`
+* `test(1)`
+* `touch(1)`
+* `unlink(1)`
+* `useradd(8)`
+* `usermod(8)`
+
+Paths:
+* `/etc/host.conf`: optional, if present not a bind mount
+* `/etc/hosts`: optional, if present not a bind mount
+* `/etc/krb5.conf.d`: directory, not a bind mount
+* `/etc/localtime`: optional, if present not a bind mount
+* `/etc/machine-id`: optional, not a bind mount
+* `/etc/resolv.conf`: optional, if present not a bind mount
+* `/etc/timezone`: optional, if present not a bind mount
+
+Toolbox enables `sudo(8)` access inside containers. The following is necessary
+for that to work:
+
+* The image should have `sudo(8)` enabled for users belonging to either the
+  `sudo` or `wheel` groups, and the group itself should exist. File an
+  [issue](https://github.com/containers/toolbox/issues/new) if you really need
+  support for a different group. However, it's preferable to keep this list as
+  short as possible.
+
+* The image should allow empty passwords for `sudo(8)`. This can be achieved
+  by either adding the `nullok` option to the `PAM(8)` configuration, or by
+  add the `NOPASSWD` tag to the `sudoers(5)` configuration.
+
+Since Toolbox only works with OCI images that fulfill certain requirements,
+it will refuse images that aren't tagged with
+`com.github.containers.toolbox="true"` and
+`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
+used by the maintainer of the image to indicate that they have read this
+document and tested that the image works with Toolbox. You can use the
+following snippet in a Dockerfile for this:
+```Dockerfile
+LABEL com.github.containers.toolbox="true"
+```
+The label `com.github.debarshiray.toolbox="true"` was used in previous versions
+of toolbox but is currently deprecated.
--- a/images/fedora/f33/extra-packages
+++ b/images/fedora/f33/extra-packages
@ -1,4 +1,5 @@
 bash-completion
+bc
 bzip2
 diffutils
 dnf-plugins-core
@ -10,6 +11,7 @@ gnupg
 gnupg2-smime
 gvfs-client
 hostname
+iproute
 iputils
 jwhois
 keyutils
@ -20,6 +22,7 @@ man-db
 man-pages
 mlocate
 mtr
+nano-default-editor
 nss-mdns
 openssh-clients
 passwd
--- a/images/fedora/f34/Containerfile
+++ b/images/fedora/f34/Containerfile
@ -2,9 +2,8 @@ FROM registry.fedoraproject.org/fedora:34

 ENV NAME=fedora-toolbox VERSION=34
 LABEL com.github.containers.toolbox="true" \
-      com.github.debarshiray.toolbox="true" \
      com.redhat.component="$NAME" \
-      name="$FGC/$NAME" \
+      name="$NAME" \
      version="$VERSION" \
      usage="This image is meant to be used with the toolbox command" \
      summary="Base image for creating Fedora toolbox containers" \
@ -13,6 +12,7 @@ LABEL com.github.containers.toolbox="true" \
 COPY README.md /

 RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+RUN dnf -y swap coreutils-single coreutils-full

 COPY missing-docs /
 RUN dnf -y reinstall $(<missing-docs)
@ -23,5 +23,3 @@ RUN dnf -y install $(<extra-packages)
 RUN rm /extra-packages

 RUN dnf clean all
-
-CMD /bin/sh
--- a/images/fedora/f34/README.md
+++ b/images/fedora/f34/README.md
@ -1 +0,0 @@
-../../../README.md
--- a/images/fedora/f34/README.md
+++ b/images/fedora/f34/README.md
@ -0,0 +1,167 @@
+<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
+
+[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
+[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
+
+[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
+[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
+
+[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
+systems, which allows the use of containerized command line environments. It is
+built on top of [Podman](https://podman.io/) and other standard container
+technologies from [OCI](https://opencontainers.org/).
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or install tools for debugging in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and debugging tools, editors
+and SDKs. For example, it's possible to do `yum install ansible` without
+affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that seamlessly integrates with the rest of the
+operating system by providing access to the user's home directory, the Wayland
+and X11 sockets, networking (including Avahi), removable devices (like USB
+sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
+database, etc..
+
+
+## Installation
+
+Toolbox is installed by default on Fedora Silverblue. On other operating
+systems it's just a matter of installing the `toolbox` package.
+
+## Usage
+
+### Create your toolbox container:
+```console
+[user@hostname ~]$ toolbox create
+Created container: fedora-toolbox-33
+Enter with: toolbox enter
+[user@hostname ~]$
+```
+This will create a container called `fedora-toolbox-<version-id>`.
+
+### Enter the toolbox:
+```console
+[user@hostname ~]$ toolbox enter
+⬢[user@toolbox ~]$
+```
+
+### Remove a toolbox container:
+```console
+[user@hostname ~]$ toolbox rm fedora-toolbox-33
+[user@hostname ~]$
+```
+
+## Dependencies and Building
+
+Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
+system.
+
+The following dependencies are required to build it:
+- meson
+- go-md2man
+- systemd
+- go
+- ninja
+
+The following dependencies enable various optional features:
+- bash-completion
+
+It can be built and installed as any other typical Meson-based project:
+```console
+[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
+[user@hostname toolbox]$ ninja -C builddir
+[user@hostname toolbox]$ sudo ninja -C builddir install
+```
+
+Toolbox is written in Go. Consult the
+[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
+for a full list of all the Go dependencies.
+
+By default, Toolbox uses Go modules and all the required Go packages are
+automatically downloaded as part of the build. There's no need to worry about
+the Go dependencies, unless the build environment doesn't have network access
+or any such peculiarities.
+
+## Distro support
+
+By default, Toolbox creates the container using an
+[OCI](https://www.opencontainers.org/) image called
+`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
+host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
+host would be `fedora-toolbox:33`.
+
+This default can be overridden by the `--image` option in `toolbox create`,
+but operating system distributors should provide an adequately configured
+default image to ensure a smooth user experience.
+
+## Image requirements
+
+Toolbox customizes newly created containers in a certain way. This requires
+certain tools and paths to be present and have certain characteristics inside
+the OCI image.
+
+Tools:
+* `getent(1)`
+* `id(1)`
+* `ln(1)`
+* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `passwd(1)`
+* `readlink(1)`
+* `rm(1)`
+* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `sleep(1)`
+* `test(1)`
+* `touch(1)`
+* `unlink(1)`
+* `useradd(8)`
+* `usermod(8)`
+
+Paths:
+* `/etc/host.conf`: optional, if present not a bind mount
+* `/etc/hosts`: optional, if present not a bind mount
+* `/etc/krb5.conf.d`: directory, not a bind mount
+* `/etc/localtime`: optional, if present not a bind mount
+* `/etc/machine-id`: optional, not a bind mount
+* `/etc/resolv.conf`: optional, if present not a bind mount
+* `/etc/timezone`: optional, if present not a bind mount
+
+Toolbox enables `sudo(8)` access inside containers. The following is necessary
+for that to work:
+
+* The image should have `sudo(8)` enabled for users belonging to either the
+  `sudo` or `wheel` groups, and the group itself should exist. File an
+  [issue](https://github.com/containers/toolbox/issues/new) if you really need
+  support for a different group. However, it's preferable to keep this list as
+  short as possible.
+
+* The image should allow empty passwords for `sudo(8)`. This can be achieved
+  by either adding the `nullok` option to the `PAM(8)` configuration, or by
+  add the `NOPASSWD` tag to the `sudoers(5)` configuration.
+
+Since Toolbox only works with OCI images that fulfill certain requirements,
+it will refuse images that aren't tagged with
+`com.github.containers.toolbox="true"` and
+`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
+used by the maintainer of the image to indicate that they have read this
+document and tested that the image works with Toolbox. You can use the
+following snippet in a Dockerfile for this:
+```Dockerfile
+LABEL com.github.containers.toolbox="true"
+```
+The label `com.github.debarshiray.toolbox="true"` was used in previous versions
+of toolbox but is currently deprecated.
--- a/images/fedora/f34/extra-packages
+++ b/images/fedora/f34/extra-packages
@ -1,4 +1,5 @@
 bash-completion
+bc
 bzip2
 diffutils
 dnf-plugins-core
@ -10,6 +11,7 @@ gnupg
 gnupg2-smime
 gvfs-client
 hostname
+iproute
 iputils
 jwhois
 keyutils
@ -18,8 +20,8 @@ less
 lsof
 man-db
 man-pages
-mlocate
 mtr
+nano-default-editor
 nss-mdns
 openssh-clients
 passwd
@ -33,6 +35,7 @@ time
 traceroute
 tree
 unzip
+util-linux
 vte-profile
 wget
 which
--- a/images/fedora/f35/Containerfile
+++ b/images/fedora/f35/Containerfile
@ -0,0 +1,25 @@
+FROM registry.fedoraproject.org/fedora:35
+
+ENV NAME=fedora-toolbox VERSION=35
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating Fedora toolbox containers" \
+      maintainer="Debarshi Ray <rishi@fedoraproject.org>"
+
+COPY README.md /
+
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+RUN dnf -y swap coreutils-single coreutils-full
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+RUN dnf clean all
--- a/images/fedora/f35/README.md
+++ b/images/fedora/f35/README.md
@ -0,0 +1,167 @@
+<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
+
+[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
+[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
+
+[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
+[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
+
+[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
+systems, which allows the use of containerized command line environments. It is
+built on top of [Podman](https://podman.io/) and other standard container
+technologies from [OCI](https://opencontainers.org/).
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or install tools for debugging in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and debugging tools, editors
+and SDKs. For example, it's possible to do `yum install ansible` without
+affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that seamlessly integrates with the rest of the
+operating system by providing access to the user's home directory, the Wayland
+and X11 sockets, networking (including Avahi), removable devices (like USB
+sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
+database, etc..
+
+
+## Installation
+
+Toolbox is installed by default on Fedora Silverblue. On other operating
+systems it's just a matter of installing the `toolbox` package.
+
+## Usage
+
+### Create your toolbox container:
+```console
+[user@hostname ~]$ toolbox create
+Created container: fedora-toolbox-33
+Enter with: toolbox enter
+[user@hostname ~]$
+```
+This will create a container called `fedora-toolbox-<version-id>`.
+
+### Enter the toolbox:
+```console
+[user@hostname ~]$ toolbox enter
+⬢[user@toolbox ~]$
+```
+
+### Remove a toolbox container:
+```console
+[user@hostname ~]$ toolbox rm fedora-toolbox-33
+[user@hostname ~]$
+```
+
+## Dependencies and Building
+
+Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
+system.
+
+The following dependencies are required to build it:
+- meson
+- go-md2man
+- systemd
+- go
+- ninja
+
+The following dependencies enable various optional features:
+- bash-completion
+
+It can be built and installed as any other typical Meson-based project:
+```console
+[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
+[user@hostname toolbox]$ ninja -C builddir
+[user@hostname toolbox]$ sudo ninja -C builddir install
+```
+
+Toolbox is written in Go. Consult the
+[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
+for a full list of all the Go dependencies.
+
+By default, Toolbox uses Go modules and all the required Go packages are
+automatically downloaded as part of the build. There's no need to worry about
+the Go dependencies, unless the build environment doesn't have network access
+or any such peculiarities.
+
+## Distro support
+
+By default, Toolbox creates the container using an
+[OCI](https://www.opencontainers.org/) image called
+`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
+host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
+host would be `fedora-toolbox:33`.
+
+This default can be overridden by the `--image` option in `toolbox create`,
+but operating system distributors should provide an adequately configured
+default image to ensure a smooth user experience.
+
+## Image requirements
+
+Toolbox customizes newly created containers in a certain way. This requires
+certain tools and paths to be present and have certain characteristics inside
+the OCI image.
+
+Tools:
+* `getent(1)`
+* `id(1)`
+* `ln(1)`
+* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `passwd(1)`
+* `readlink(1)`
+* `rm(1)`
+* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
+* `sleep(1)`
+* `test(1)`
+* `touch(1)`
+* `unlink(1)`
+* `useradd(8)`
+* `usermod(8)`
+
+Paths:
+* `/etc/host.conf`: optional, if present not a bind mount
+* `/etc/hosts`: optional, if present not a bind mount
+* `/etc/krb5.conf.d`: directory, not a bind mount
+* `/etc/localtime`: optional, if present not a bind mount
+* `/etc/machine-id`: optional, not a bind mount
+* `/etc/resolv.conf`: optional, if present not a bind mount
+* `/etc/timezone`: optional, if present not a bind mount
+
+Toolbox enables `sudo(8)` access inside containers. The following is necessary
+for that to work:
+
+* The image should have `sudo(8)` enabled for users belonging to either the
+  `sudo` or `wheel` groups, and the group itself should exist. File an
+  [issue](https://github.com/containers/toolbox/issues/new) if you really need
+  support for a different group. However, it's preferable to keep this list as
+  short as possible.
+
+* The image should allow empty passwords for `sudo(8)`. This can be achieved
+  by either adding the `nullok` option to the `PAM(8)` configuration, or by
+  add the `NOPASSWD` tag to the `sudoers(5)` configuration.
+
+Since Toolbox only works with OCI images that fulfill certain requirements,
+it will refuse images that aren't tagged with
+`com.github.containers.toolbox="true"` and
+`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
+used by the maintainer of the image to indicate that they have read this
+document and tested that the image works with Toolbox. You can use the
+following snippet in a Dockerfile for this:
+```Dockerfile
+LABEL com.github.containers.toolbox="true"
+```
+The label `com.github.debarshiray.toolbox="true"` was used in previous versions
+of toolbox but is currently deprecated.
--- a/images/fedora/f35/extra-packages
+++ b/images/fedora/f35/extra-packages
@ -0,0 +1,48 @@
+bash-completion
+bc
+bzip2
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+fpaste
+git
+gnupg
+gnupg2-smime
+gvfs-client
+hostname
+iproute
+iputils
+jwhois
+keyutils
+krb5-libs
+less
+lsof
+man-db
+man-pages
+mesa-dri-drivers
+mesa-vulkan-drivers
+mtr
+nano-default-editor
+nss-mdns
+openssh-clients
+passwd
+pigz
+procps-ng
+rsync
+shadow-utils
+sudo
+tcpdump
+time
+traceroute
+tree
+unzip
+util-linux
+vte-profile
+vulkan-loader
+wget
+which
+words
+xorg-x11-xauth
+xz
+zip
--- a/images/fedora/f35/missing-docs
+++ b/images/fedora/f35/missing-docs
@ -0,0 +1,15 @@
+acl
+bash
+curl
+gawk
+grep
+gzip
+libcap
+openssl
+p11-kit
+pam
+python3
+rpm
+sed
+systemd
+tar
--- a/images/fedora/f36/Containerfile
+++ b/images/fedora/f36/Containerfile
@ -0,0 +1,44 @@
+FROM registry.fedoraproject.org/fedora:36
+
+ARG NAME=fedora-toolbox
+ARG VERSION=36
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating Fedora toolbox containers" \
+      maintainer="Debarshi Ray <rishi@fedoraproject.org>"
+
+COPY README.md /
+
+RUN rm /etc/rpm/macros.image-language-conf
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+
+RUN dnf -y upgrade
+RUN dnf -y swap coreutils-single coreutils-full
+RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+COPY ensure-files /
+RUN ret_val=0; \
+  while read file; do \
+    if ! compgen -G "$file" >/dev/null; then \
+      echo "$file: No such file or directory" >&2; \
+      ret_val=1; \
+      break; \
+    fi; \
+  done <ensure-files; \
+  if [ "$ret_val" -ne 0 ]; then \
+    false; \
+  fi
+RUN rm /ensure-files
+
+RUN dnf clean all
--- a/images/fedora/f36/README.md
+++ b/images/fedora/f36/README.md
@ -0,0 +1,44 @@
+[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbox environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that offers the interactive command line
+environment.
+
+Note that Toolbox makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbox and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/fedora/f36/ensure-files
+++ b/images/fedora/f36/ensure-files
@ -0,0 +1,17 @@
+/usr/share/man/man1/bash.1*
+/usr/share/man/man1/cd.1*
+/usr/share/man/man1/export.1*
+
+/usr/share/man/man1/cat.1*
+/usr/share/man/man1/cp.1*
+/usr/share/man/man1/ls.1*
+
+/usr/share/man/man1/gpg2.1*
+/usr/share/man/man7/gnupg2.7*
+
+/usr/share/man/fr/man8/rpm.8*
+/usr/share/man/ja/man8/rpm.8*
+/usr/share/man/man8/rpm.8*
+
+/usr/share/man/man1/kill.1*
+/usr/share/man/man8/mount.8*
--- a/images/fedora/f36/extra-packages
+++ b/images/fedora/f36/extra-packages
@ -0,0 +1,48 @@
+bash-completion
+bc
+bzip2
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+fpaste
+git
+gnupg2
+gnupg2-smime
+gvfs-client
+hostname
+iproute
+iputils
+jwhois
+keyutils
+krb5-libs
+less
+lsof
+man-db
+man-pages
+mesa-dri-drivers
+mesa-vulkan-drivers
+mtr
+nano-default-editor
+nss-mdns
+openssh-clients
+passwd
+pigz
+procps-ng
+rsync
+shadow-utils
+sudo
+tcpdump
+time
+traceroute
+tree
+unzip
+util-linux
+vte-profile
+vulkan-loader
+wget
+which
+words
+xorg-x11-xauth
+xz
+zip
--- a/images/fedora/f36/missing-docs
+++ b/images/fedora/f36/missing-docs
@ -0,0 +1,20 @@
+acl
+bash
+coreutils-common
+curl
+findutils
+gawk
+gnupg2
+grep
+gzip
+libcap
+openssl
+p11-kit
+pam
+python3
+rpm
+sed
+sudo
+systemd
+tar
+util-linux-core
--- a/images/fedora/f37/Containerfile
+++ b/images/fedora/f37/Containerfile
@ -0,0 +1,54 @@
+FROM registry.fedoraproject.org/fedora:37
+
+ARG NAME=fedora-toolbox
+ARG VERSION=37
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating Fedora toolbox containers" \
+      maintainer="Debarshi Ray <rishi@fedoraproject.org>"
+
+COPY README.md /
+
+RUN rm /etc/rpm/macros.image-language-conf
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+
+RUN dnf -y upgrade
+RUN dnf -y swap coreutils-single coreutils-full
+RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+COPY ensure-files /
+RUN ret_val=0; \
+  while read file; do \
+    if ! compgen -G "$file" >/dev/null; then \
+      echo "$file: No such file or directory" >&2; \
+      ret_val=1; \
+      break; \
+    fi; \
+  done <ensure-files; \
+  if [ "$ret_val" -ne 0 ]; then \
+    false; \
+  fi
+RUN rm /ensure-files
+
+RUN broken_packages="$(rpm --all --query --state --queryformat "PACKAGE: %{NAME}\n" \
+  | sed --quiet --regexp-extended '/PACKAGE: /{s/PACKAGE: // ; h ; b }; /^not installed/ { g; p }' \
+  | uniq \
+  | sort)"; \
+  if [ "$broken_packages" != "" ]; then \
+    echo "Packages with missing files:" >&2; \
+    echo "$broken_packages" >&2; \
+    false; \
+  fi
+
+RUN dnf clean all
--- a/images/fedora/f37/README.md
+++ b/images/fedora/f37/README.md
@ -0,0 +1,44 @@
+[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbox environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that offers the interactive command line
+environment.
+
+Note that Toolbox makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbox and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/fedora/f37/ensure-files
+++ b/images/fedora/f37/ensure-files
@ -0,0 +1,46 @@
+/usr/share/man/man1/bash.1*
+/usr/share/man/man1/cd.1*
+/usr/share/man/man1/export.1*
+
+/usr/share/man/man1/cat.1*
+/usr/share/man/man1/cp.1*
+/usr/share/man/man1/ls.1*
+
+/usr/share/man/man8/dnf.8*
+/usr/share/man/man5/dnf.conf.5*
+
+/usr/share/locale/de/LC_MESSAGES/elfutils.mo
+/usr/share/locale/ja/LC_MESSAGES/elfutils.mo
+
+/usr/share/man/man1/gpg2.1*
+/usr/share/man/man7/gnupg2.7*
+
+/usr/share/info/nettle.info*
+
+/usr/share/locale/fr/LC_MESSAGES/popt.mo
+/usr/share/locale/ja/LC_MESSAGES/popt.mo
+
+/usr/share/man/fr/man1/pstree.1*
+/usr/share/man/ru/man1/pstree.1*
+/usr/share/man/man1/pstree.1*
+
+/usr/share/info/history.info*
+
+/usr/share/man/fr/man8/rpm.8*
+/usr/share/man/ja/man8/rpm.8*
+/usr/share/man/man8/rpm.8*
+
+/usr/share/man/fr/man8/useradd.8*
+/usr/share/man/ja/man8/useradd.8*
+/usr/share/man/man8/useradd.8*
+
+/usr/share/man/man1/cal.1.*
+/usr/share/man/man1/getopt.1*
+/usr/share/man/man1/hexdump.1*
+
+/usr/share/man/man1/kill.1*
+/usr/share/man/man8/mount.8*
+
+/usr/share/man/fr/man1/xz.1*
+/usr/share/man/ko/man1/xz.1*
+/usr/share/man/man1/xz.1*
--- a/images/fedora/f37/extra-packages
+++ b/images/fedora/f37/extra-packages
@ -0,0 +1,49 @@
+bash-completion
+bc
+bzip2
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+fpaste
+git
+gnupg2
+gnupg2-smime
+gvfs-client
+hostname
+iproute
+iputils
+keyutils
+krb5-libs
+less
+lsof
+man-db
+man-pages
+mesa-dri-drivers
+mesa-vulkan-drivers
+mtr
+nano-default-editor
+nss-mdns
+openssh-clients
+passwd
+pigz
+procps-ng
+psmisc
+rsync
+shadow-utils
+sudo
+tcpdump
+time
+traceroute
+tree
+unzip
+util-linux
+vte-profile
+vulkan-loader
+wget
+which
+whois
+words
+xorg-x11-xauth
+xz
+zip
--- a/images/fedora/f37/missing-docs
+++ b/images/fedora/f37/missing-docs
@ -0,0 +1,91 @@
+acl
+alternatives
+audit-libs
+authselect
+authselect-libs
+bash
+ca-certificates
+coreutils-common
+cracklib
+crypto-policies
+curl
+cyrus-sasl-lib
+dnf
+dnf-data
+elfutils-libelf
+expat
+file-libs
+filesystem
+findutils
+gawk
+glib2
+gmp
+gnupg2
+gnutls
+gpgme
+grep
+gzip
+ima-evm-utils
+keyutils-libs
+krb5-libs
+libarchive
+libassuan
+libblkid
+libcap
+libcap-ng
+libdb
+libdnf
+libeconf
+libevent
+libffi
+libgcrypt
+libgomp
+libgpg-error
+libidn2
+libksba
+libmodulemd
+libpwquality
+librepo
+libsemanage
+libsigsegv
+libsolv
+libssh
+libtasn1
+libtirpc
+libunistring
+libverto
+libxcrypt
+libxml2
+libyaml
+lz4-libs
+mpfr
+ncurses-base
+nettle
+openldap
+openssl
+p11-kit
+pam
+pcre
+pcre2-syntax
+popt
+python3
+python3-gpg
+python3-libs
+python3-rpm
+readline
+rpm
+sed
+setup
+shadow-utils
+sqlite-libs
+sudo
+systemd
+systemd-libs
+tar
+tpm2-tss
+tzdata
+util-linux-core
+vim-minimal
+yum
+zchunk-libs
+zlib
--- a/images/fedora/f38/Containerfile
+++ b/images/fedora/f38/Containerfile
@ -0,0 +1,54 @@
+FROM registry.fedoraproject.org/fedora:38
+
+ARG NAME=fedora-toolbox
+ARG VERSION=38
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox(1) command" \
+      summary="Image for creating Fedora Toolbx containers" \
+      maintainer="Debarshi Ray <rishi@fedoraproject.org>"
+
+COPY README.md /
+
+RUN rm /etc/rpm/macros.image-language-conf
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+
+RUN dnf -y upgrade
+RUN dnf -y swap coreutils-single coreutils-full
+RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+COPY ensure-files /
+RUN ret_val=0; \
+  while read file; do \
+    if ! compgen -G "$file" >/dev/null; then \
+      echo "$file: No such file or directory" >&2; \
+      ret_val=1; \
+      break; \
+    fi; \
+  done <ensure-files; \
+  if [ "$ret_val" -ne 0 ]; then \
+    false; \
+  fi
+RUN rm /ensure-files
+
+RUN broken_packages="$(rpm --all --query --state --queryformat "PACKAGE: %{NAME}\n" \
+  | sed --quiet --regexp-extended '/PACKAGE: /{s/PACKAGE: // ; h ; b }; /^not installed/ { g; p }' \
+  | uniq \
+  | sort)"; \
+  if [ "$broken_packages" != "" ]; then \
+    echo "Packages with missing files:" >&2; \
+    echo "$broken_packages" >&2; \
+    false; \
+  fi
+
+RUN dnf clean all
--- a/images/fedora/f38/README.md
+++ b/images/fedora/f38/README.md
@ -0,0 +1,44 @@
+[Toolbx](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbx environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbx solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The Toolbx environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a Toolbx container that offers the interactive command line
+environment.
+
+Note that Toolbx makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbx and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/fedora/f38/ensure-files
+++ b/images/fedora/f38/ensure-files
@ -0,0 +1,52 @@
+/usr/share/man/man1/bash.1*
+/usr/share/man/man1/cd.1*
+/usr/share/man/man1/export.1*
+
+/usr/share/man/man1/cat.1*
+/usr/share/man/man1/cp.1*
+/usr/share/man/man1/ls.1*
+
+/usr/share/cracklib/cracklib-small.pwd*
+/usr/share/cracklib/pw_dict.pwd*
+
+/usr/share/man/man8/dnf.8*
+/usr/share/man/man5/dnf.conf.5*
+
+/usr/share/locale/de/LC_MESSAGES/elfutils.mo
+/usr/share/locale/ja/LC_MESSAGES/elfutils.mo
+
+/usr/share/locale/fr/LC_MESSAGES/gawk.mo
+/usr/share/locale/ko/LC_MESSAGES/gawk.mo
+
+/usr/share/man/man1/gpg2.1*
+/usr/share/man/man7/gnupg2.7*
+
+/usr/share/info/nettle.info*
+
+/usr/share/locale/fr/LC_MESSAGES/popt.mo
+/usr/share/locale/ja/LC_MESSAGES/popt.mo
+
+/usr/share/man/fr/man1/pstree.1*
+/usr/share/man/ko/man1/pstree.1*
+/usr/share/man/man1/pstree.1*
+
+/usr/share/info/history.info*
+
+/usr/share/man/fr/man8/rpm.8*
+/usr/share/man/ja/man8/rpm.8*
+/usr/share/man/man8/rpm.8*
+
+/usr/share/man/fr/man8/useradd.8*
+/usr/share/man/ja/man8/useradd.8*
+/usr/share/man/man8/useradd.8*
+
+/usr/share/man/man1/cal.1.*
+/usr/share/man/man1/getopt.1*
+/usr/share/man/man1/hexdump.1*
+
+/usr/share/man/man1/kill.1*
+/usr/share/man/man8/mount.8*
+
+/usr/share/man/fr/man1/xz.1*
+/usr/share/man/ko/man1/xz.1*
+/usr/share/man/man1/xz.1*
--- a/images/fedora/f38/extra-packages
+++ b/images/fedora/f38/extra-packages
@ -0,0 +1,52 @@
+bash-completion
+bc
+bzip2
+cracklib-dicts
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+fpaste
+gawk-all-langpacks
+git
+glibc-gconv-extra
+gnupg2
+gnupg2-smime
+gvfs-client
+hostname
+iproute
+iputils
+keyutils
+krb5-libs
+less
+lsof
+man-db
+man-pages
+mesa-dri-drivers
+mesa-vulkan-drivers
+mtr
+nano-default-editor
+nss-mdns
+openssh-clients
+passwd
+pigz
+procps-ng
+psmisc
+rsync
+shadow-utils
+sudo
+tcpdump
+time
+traceroute
+tree
+unzip
+util-linux
+vte-profile
+vulkan-loader
+wget
+which
+whois
+words
+xorg-x11-xauth
+xz
+zip
--- a/images/fedora/f38/missing-docs
+++ b/images/fedora/f38/missing-docs
@ -0,0 +1,92 @@
+acl
+alternatives
+audit-libs
+authselect
+authselect-libs
+bash
+ca-certificates
+coreutils-common
+cracklib
+crypto-policies
+curl
+cyrus-sasl-lib
+dnf
+dnf-data
+elfutils-libelf
+expat
+file-libs
+filesystem
+findutils
+gawk
+glib2
+gmp
+gnupg2
+gnutls
+gpgme
+grep
+gzip
+ima-evm-utils
+keyutils-libs
+krb5-libs
+libarchive
+libassuan
+libblkid
+libcap
+libcap-ng
+libcomps
+libdb
+libdnf
+libeconf
+libevent
+libffi
+libgcrypt
+libgomp
+libgpg-error
+libidn2
+libksba
+libmodulemd
+libpwquality
+librepo
+libsemanage
+libsigsegv
+libsolv
+libssh
+libtasn1
+libtirpc
+libunistring
+libunistring1.0
+libverto
+libxcrypt
+libxml2
+libyaml
+lz4-libs
+mpfr
+ncurses-base
+nettle
+openldap
+openssl
+p11-kit
+pam
+pcre2-syntax
+popt
+python3
+python3-libs
+python3-rpm
+readline
+rpm
+rpm-sequoia
+sed
+setup
+shadow-utils
+sqlite-libs
+sudo
+systemd
+systemd-libs
+tar
+tpm2-tss
+tzdata
+util-linux-core
+vim-minimal
+yum
+zchunk-libs
+zlib
--- a/images/fedora/f39/Containerfile
+++ b/images/fedora/f39/Containerfile
@ -0,0 +1,54 @@
+FROM registry.fedoraproject.org/fedora:39
+
+ARG NAME=fedora-toolbox
+ARG VERSION=39
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox(1) command" \
+      summary="Image for creating Fedora Toolbx containers" \
+      maintainer="Debarshi Ray <rishi@fedoraproject.org>"
+
+COPY README.md /
+
+RUN rm /etc/rpm/macros.image-language-conf
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+
+RUN dnf -y upgrade
+RUN dnf -y swap coreutils-single coreutils-full
+RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+COPY ensure-files /
+RUN ret_val=0; \
+  while read file; do \
+    if ! compgen -G "$file" >/dev/null; then \
+      echo "$file: No such file or directory" >&2; \
+      ret_val=1; \
+      break; \
+    fi; \
+  done <ensure-files; \
+  if [ "$ret_val" -ne 0 ]; then \
+    false; \
+  fi
+RUN rm /ensure-files
+
+RUN broken_packages="$(rpm --all --query --state --queryformat "PACKAGE: %{NAME}\n" \
+  | sed --quiet --regexp-extended '/PACKAGE: /{s/PACKAGE: // ; h ; b }; /^not installed/ { g; p }' \
+  | uniq \
+  | sort)"; \
+  if [ "$broken_packages" != "" ]; then \
+    echo "Packages with missing files:" >&2; \
+    echo "$broken_packages" >&2; \
+    false; \
+  fi
+
+RUN dnf clean all
--- a/images/fedora/f39/README.md
+++ b/images/fedora/f39/README.md
@ -0,0 +1,44 @@
+[Toolbx](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for software development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbx environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
+[Fedora CoreOS](https://fedoraproject.org/coreos/) and
+[Silverblue](https://fedoraproject.org/silverblue/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbx solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The Toolbx environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a Toolbx container that offers the interactive command line
+environment.
+
+Note that Toolbx makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbx and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/fedora/f39/ensure-files
+++ b/images/fedora/f39/ensure-files
@ -0,0 +1,51 @@
+/usr/share/man/man1/bash.1*
+/usr/share/man/man1/cd.1*
+/usr/share/man/man1/export.1*
+
+/usr/share/man/man1/cat.1*
+/usr/share/man/man1/cp.1*
+/usr/share/man/man1/ls.1*
+
+/usr/share/cracklib/cracklib-small.pwd*
+/usr/share/cracklib/pw_dict.pwd*
+
+/usr/share/man/man8/dnf.8*
+/usr/share/man/man5/dnf.conf.5*
+
+/usr/share/locale/de/LC_MESSAGES/elfutils.mo
+/usr/share/locale/ja/LC_MESSAGES/elfutils.mo
+
+/usr/share/locale/fr/LC_MESSAGES/gawk.mo
+/usr/share/locale/ko/LC_MESSAGES/gawk.mo
+
+/usr/share/man/man1/gpg2.1*
+/usr/share/man/man7/gnupg2.7*
+
+/usr/share/info/nettle.info*
+
+/usr/share/locale/fr/LC_MESSAGES/popt.mo
+/usr/share/locale/ja/LC_MESSAGES/popt.mo
+
+/usr/share/man/fr/man1/pstree.1*
+/usr/share/man/ko/man1/pstree.1*
+/usr/share/man/man1/pstree.1*
+
+/usr/share/info/history.info*
+
+/usr/share/man/man8/rpm.8*
+/usr/share/man/man8/rpm2cpio.8*
+
+/usr/share/man/fr/man8/useradd.8*
+/usr/share/man/ja/man8/useradd.8*
+/usr/share/man/man8/useradd.8*
+
+/usr/share/man/man1/cal.1.*
+/usr/share/man/man1/getopt.1*
+/usr/share/man/man1/hexdump.1*
+
+/usr/share/man/man1/kill.1*
+/usr/share/man/man8/mount.8*
+
+/usr/share/man/fr/man1/xz.1*
+/usr/share/man/ko/man1/xz.1*
+/usr/share/man/man1/xz.1*
--- a/images/fedora/f39/extra-packages
+++ b/images/fedora/f39/extra-packages
@ -0,0 +1,52 @@
+bash-completion
+bc
+bzip2
+cracklib-dicts
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+fpaste
+gawk-all-langpacks
+git
+glibc-gconv-extra
+gnupg2
+gnupg2-smime
+gvfs-client
+hostname
+iproute
+iputils
+keyutils
+krb5-libs
+less
+lsof
+man-db
+man-pages
+mesa-dri-drivers
+mesa-vulkan-drivers
+mtr
+nano-default-editor
+nss-mdns
+openssh-clients
+passwd
+pigz
+procps-ng
+psmisc
+rsync
+shadow-utils
+sudo
+tcpdump
+time
+traceroute
+tree
+unzip
+util-linux
+vte-profile
+vulkan-loader
+wget
+which
+whois
+words
+xorg-x11-xauth
+xz
+zip
--- a/images/fedora/f39/missing-docs
+++ b/images/fedora/f39/missing-docs
@ -0,0 +1,90 @@
+acl
+alternatives
+audit-libs
+authselect
+authselect-libs
+bash
+ca-certificates
+coreutils-common
+cracklib
+crypto-policies
+curl
+cyrus-sasl-lib
+dnf
+dnf-data
+elfutils-libelf
+expat
+file-libs
+filesystem
+findutils
+gawk
+glib2
+gmp
+gnupg2
+gnutls
+grep
+gzip
+ima-evm-utils
+keyutils-libs
+krb5-libs
+libarchive
+libassuan
+libblkid
+libcap
+libcap-ng
+libcomps
+libdb
+libdnf
+libeconf
+libevent
+libffi
+libgcrypt
+libgomp
+libgpg-error
+libidn2
+libksba
+libmodulemd
+libpwquality
+librepo
+libsemanage
+libsigsegv
+libsolv
+libssh
+libtasn1
+libtirpc
+libunistring
+libverto
+libxcrypt
+libxml2
+libyaml
+lz4-libs
+mpfr
+ncurses-base
+nettle
+openldap
+openssl
+p11-kit
+pam
+pcre2-syntax
+popt
+python3
+python3-libs
+python3-rpm
+readline
+rpm
+rpm-sequoia
+sed
+setup
+shadow-utils
+sqlite-libs
+sudo
+systemd
+systemd-libs
+tar
+tpm2-tss
+tzdata
+util-linux-core
+vim-minimal
+yum
+zchunk-libs
+zlib
--- a/images/rhel/8.5/Containerfile
+++ b/images/rhel/8.5/Containerfile
@ -0,0 +1,28 @@
+FROM registry.access.redhat.com/ubi8:8.5
+
+ENV NAME=toolbox-container VERSION=8.5
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating UBI toolbox containers" \
+      maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
+
+COPY README.md /
+
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+RUN dnf -y swap coreutils-single coreutils-full
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+RUN dnf clean all
+
+CMD /bin/sh
--- a/images/rhel/8.5/README.md
+++ b/images/rhel/8.5/README.md
@ -0,0 +1,44 @@
+[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbox environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that offers the interactive command line
+environment.
+
+Note that Toolbox makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbox and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/rhel/8.5/extra-packages
+++ b/images/rhel/8.5/extra-packages
@ -0,0 +1,45 @@
+alternatives
+avahi-libs
+bzip2
+coreutils-common
+dejavu-sans-fonts
+diffutils
+dnf-plugins-core
+git
+glibc-all-langpacks
+gnupg2-smime
+hostname
+iputils
+jansson
+langpacks-en
+less
+libevent
+libgomp
+libICE
+libpkgconf
+libSM
+libX11
+libX11-common
+libXau
+libxcb
+libXext
+libXmu
+libXt
+lsof
+man-db
+openssh-clients
+pigz
+pkgconf
+pkgconf-m4
+pkgconf-pkg-config
+procps-ng
+qrencode-libs
+rsync
+sudo
+systemd-rpm-macros
+time
+unzip
+vte-profile
+wget
+xz
+zip
--- a/images/rhel/8.5/missing-docs
+++ b/images/rhel/8.5/missing-docs
@ -0,0 +1,14 @@
+acl
+bash
+curl
+gawk
+grep
+gzip
+libcap
+p11-kit
+pam
+python3
+rpm
+sed
+systemd
+tar
--- a/images/rhel/8.6/Containerfile
+++ b/images/rhel/8.6/Containerfile
@ -0,0 +1,28 @@
+FROM registry.access.redhat.com/ubi8:8.6
+
+ENV NAME=toolbox-container VERSION=8.6
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating UBI toolbox containers" \
+      maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
+
+COPY README.md /
+
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+RUN dnf -y swap coreutils-single coreutils-full
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+RUN dnf clean all
+
+CMD /bin/sh
--- a/images/rhel/8.6/README.md
+++ b/images/rhel/8.6/README.md
@ -0,0 +1,44 @@
+[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbox environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that offers the interactive command line
+environment.
+
+Note that Toolbox makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbox and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/rhel/8.6/extra-packages
+++ b/images/rhel/8.6/extra-packages
@ -0,0 +1,50 @@
+alternatives
+bzip2
+dejavu-sans-fonts
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+git
+glibc-all-langpacks
+gnupg2-smime
+hostname
+iproute
+iputils
+jansson
+krb5-libs
+langpacks-en
+less
+libevent
+libgomp
+libICE
+libpkgconf
+libSM
+libX11
+libX11-common
+libXau
+libxcb
+libXext
+libXmu
+libXt
+lsof
+man-db
+openssh-clients
+passwd
+pigz
+pkgconf
+pkgconf-m4
+pkgconf-pkg-config
+procps-ng
+qrencode-libs
+rsync
+shadow-utils
+sudo
+time
+unzip
+util-linux
+vte-profile
+wget
+which
+xz
+zip
--- a/images/rhel/8.6/missing-docs
+++ b/images/rhel/8.6/missing-docs
@ -0,0 +1,14 @@
+acl
+bash
+curl
+gawk
+grep
+gzip
+libcap
+p11-kit
+pam
+python3
+rpm
+sed
+systemd
+tar
--- a/images/rhel/8.7/Containerfile
+++ b/images/rhel/8.7/Containerfile
@ -0,0 +1,28 @@
+FROM registry.access.redhat.com/ubi8:8.7
+
+ENV NAME=toolbox-container VERSION=8.7
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating UBI toolbox containers" \
+      maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
+
+COPY README.md /
+
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+RUN dnf -y swap coreutils-single coreutils-full
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+RUN dnf clean all
+
+CMD /bin/sh
--- a/images/rhel/8.7/README.md
+++ b/images/rhel/8.7/README.md
@ -0,0 +1,44 @@
+[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbox environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that offers the interactive command line
+environment.
+
+Note that Toolbox makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbox and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/rhel/8.7/extra-packages
+++ b/images/rhel/8.7/extra-packages
@ -0,0 +1,50 @@
+alternatives
+bzip2
+dejavu-sans-fonts
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+git
+glibc-all-langpacks
+gnupg2-smime
+hostname
+iproute
+iputils
+jansson
+krb5-libs
+langpacks-en
+less
+libevent
+libgomp
+libICE
+libpkgconf
+libSM
+libX11
+libX11-common
+libXau
+libxcb
+libXext
+libXmu
+libXt
+lsof
+man-db
+openssh-clients
+passwd
+pigz
+pkgconf
+pkgconf-m4
+pkgconf-pkg-config
+procps-ng
+qrencode-libs
+rsync
+shadow-utils
+sudo
+time
+unzip
+util-linux
+vte-profile
+wget
+which
+xz
+zip
--- a/images/rhel/8.7/missing-docs
+++ b/images/rhel/8.7/missing-docs
@ -0,0 +1,14 @@
+acl
+bash
+curl
+gawk
+grep
+gzip
+libcap
+p11-kit
+pam
+python3
+rpm
+sed
+systemd
+tar
--- a/images/rhel/8.8/Containerfile
+++ b/images/rhel/8.8/Containerfile
@ -0,0 +1,28 @@
+FROM registry.access.redhat.com/ubi8:8.8
+
+ENV NAME=toolbox-container VERSION=8.8
+LABEL com.github.containers.toolbox="true" \
+      com.redhat.component="$NAME" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      name="$NAME" \
+      version="$VERSION" \
+      usage="This image is meant to be used with the toolbox command" \
+      summary="Base image for creating UBI toolbox containers" \
+      maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
+
+COPY README.md /
+
+RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+RUN dnf -y swap coreutils-single coreutils-full
+
+COPY missing-docs /
+RUN dnf -y reinstall $(<missing-docs)
+RUN rm /missing-docs
+
+COPY extra-packages /
+RUN dnf -y install $(<extra-packages)
+RUN rm /extra-packages
+
+RUN dnf clean all
+
+CMD /bin/sh
--- a/images/rhel/8.8/README.md
+++ b/images/rhel/8.8/README.md
@ -0,0 +1,44 @@
+[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
+use of interactive command line environments for development and
+troubleshooting the host operating system, without having to install software
+on the host. It is built on top of [Podman](https://podman.io/) and other
+standard container technologies from [OCI](https://opencontainers.org/).
+
+Toolbox environments have seamless access to the user's home directory,
+the Wayland and X11 sockets, networking (including Avahi), removable devices
+(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
+udev database, etc..
+
+This is particularly useful on
+[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
+[Fedora CoreOS](https://coreos.fedoraproject.org/) and
+[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
+systems is to discourage installation of software on the host, and instead
+install software as (or in) containers — they mostly don't even have package
+managers like DNF or YUM. This makes it difficult to set up a development
+environment or troubleshoot the operating system in the usual way.
+
+Toolbox solves this problem by providing a fully mutable container within
+which one can install their favourite development and troubleshooting tools,
+editors and SDKs. For example, it's possible to do `yum install ansible`
+without affecting the base operating system.
+
+However, this tool doesn't *require* using an OSTree based system. It works
+equally well on Fedora Workstation and Server, and that's a useful way to
+incrementally adopt containerization.
+
+The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
+image. On Fedora this is the `fedora-toolbox` image. This image is used to
+create a toolbox container that offers the interactive command line
+environment.
+
+Note that Toolbox makes no promise about security beyond what's already
+available in the usual command line environment on the host that everybody is
+familiar with.
+
+
+## Installation & Use
+
+See our guides on
+[installing & getting started](https://containertoolbx.org/install/) with
+Toolbox and [Linux distro support](https://containertoolbx.org/distros/).
--- a/images/rhel/8.8/extra-packages
+++ b/images/rhel/8.8/extra-packages
@ -0,0 +1,50 @@
+alternatives
+bzip2
+dejavu-sans-fonts
+diffutils
+dnf-plugins-core
+findutils
+flatpak-spawn
+git
+glibc-all-langpacks
+gnupg2-smime
+hostname
+iproute
+iputils
+jansson
+krb5-libs
+langpacks-en
+less
+libevent
+libgomp
+libICE
+libpkgconf
+libSM
+libX11
+libX11-common
+libXau
+libxcb
+libXext
+libXmu
+libXt
+lsof
+man-db
+openssh-clients
+passwd
+pigz
+pkgconf
+pkgconf-m4
+pkgconf-pkg-config
+procps-ng
+qrencode-libs
+rsync
+shadow-utils
+sudo
+time
+unzip
+util-linux
+vte-profile
+wget
+which
+xz
+zip
--- a/Show More
+++ b/Show More