I need an alternative to systemctl to start a service inside a toolbox container

TL;DR

1 I need to run a service (warsaw) inside a toolbox.

2 systemctl start warsaw do not work inside toolbox (toolbox #176)

3 Is there another way to start this service

BACKGROUND

In Brazil, all major bank institutions require that you install this so-called “security module” in order to access their online services from your computer. The package is proprietary and once installed typically run as root all the time.

So what I am trying to accomplish is isolate this process and a web browser(chromium) inside a container in order to have them available atop a Fedora 30 Silverblue installation.

My first step was to test everything on Fedora 30 Workstation (it works fine)

  1. Access this diagnostic site and select an institution (in my case CAIXA). The site will inform that you need to install warsaw and let you select a package according to your distribution. In case of Fedora the file is called warsaw_setup_64.rpm.

  2. sudo dnf install warsaw_setup_64.rpm

  3. Access the diagnostic page again and select an institution. There will be some last adjustments made to your web browser.

So as it worked in Fedora Workstation there is a chance I can make it work inside a toolbox on top Silverblue 30

  1. Download the package the same as before.

  2. toolbox create -c banco

  3. toolbox enter -c banco

  4. sudo dnf install warsaw_setup_64.rpm

  5. sudo dnf install chromium

  6. Launch chromium-browser from cli and access diagnostics page again.

It did not work. After investigating I realized it was installed but the service was not running.

The expected output was something like this:

So usually I could start it with with

sudo systemctl enable warsaw
sudo systemctl start warsaw

But right now is not possible to run systemctl inside a regular toolbox container. According to this bug report there seems to be a manual way of starting this service. Any thoughts on that? I don’t know about podman configuration myself so doing this with the preconfigured toolbox would be of great use.

Sidenote: trying to install and run warsaw directly on Silverblue results in error

rpm-ostree install warsaw_setup_64.rpm
error: Importing package warsaw: Unsupported path: /usr/local/bin/warsaw; See https://github.com/projectatomic/rpm-ostree/issues/233

Thanks for any help.

I don’t know warsaw and how it works. But this is a start point.
Talking about toolbox.
Once you are in the container, you can inspect the systemd service installed by the RPM.

$ cat /usr/lib/systemd/system/warsaw.service
...
ExecStart=/usr/bin/warsaw start
...

So, you could start the service issuing

$ sudo /usr/bin/warsaw start

Using ps you can verify that the process is running in the background

$ ps -ef|grep wars
root     27155  1933  0 11:07 ?        00:00:00 /usr/local/bin/warsaw/core

At this point you can start chromium.

Thank you very much. :smile:
Your instruction worked with one minor adjustment and I’m impressed with how fast help it came.

In case anyone else needs it:

Before launching Chromium, Warsaw needs to be running both as root as a regular user. So the commands to start it should be like:

$ sudo /usr/bin/warsaw start
$ /usr/bin/warsaw start

Check if is running:

$ ps -ef | grep warsaw
root      9532     1  0 14:42 ?        00:00:02 /usr/local/bin/warsaw/core
[username]  10137     1  0 14:48 ?        00:00:00 /usr/local/bin/warsaw/core

Next step for me is try to do this in a automated way. But for now I’m satisfied with it. Thanks again!

1 Like

toolbox has a run option that accepts a command (instead of entering in the container).
So you could create a bash script (inside the container) and then invoke it.

toolbox run -c banco /home/username/bin/script.sh

It worth a try.

1 Like

This is really cool. I read about this run command in the latest toolbox release and was thinking about using it. This solution you proposed plus a custom .desktop launcher turns out to be like a dream to me. I even realized I don’t have to install a browser inside the toolbox. All that’s really needed is the services running in the toolbox then you can access your bank with the host web browser. I will figure this better in my leisure time. Probably a good opportunity for me to learn about bash scripts. Thanks for this. When I figure everything out I will share it here for reference.

2 Likes

Just FYI: Warsow is actually also available as a Fedora package and thus you could install it via rpm-ostree. Or, and that’s even better for Silverblue users, you can also get it from registry.fedoraproject.org as a flatpak!

Oh, okay wait, you write warsaw. What is this? I could not find anything about it online?

It’s a package required by banks in Brazil to access of their online services.
I explained that in my first post.
Thanks for your interest anyway.