Lead Image © alfazetchronicles, 123RF.com

Operating system images with bootc

Production Line

Article from ADMIN 86/2025
By
The bootc project lets you use a container-based workflow to create bootable operating system images. In a few simple steps, we show you how to use Podman to create ready-to-run images.

Container images generally only provide the components you need to run a specific application inside a container and do not include a Linux kernel, a bootloader, firmware, or similar components. Many workflows already in place create and manage container images for applications, typically with a zoo of tools that create an image, check it for vulnerabilities, and then publish it in a container store. This workflow would also be helpful for bootable system images – which is exactly where two projects, bootc [1] and bootc Image Builder [2], enter the scene.

Containers for Operating Systems

These bootc projects let you use the same workflow you have in place for application containers to create operating system containers. All you need is a containerfile or Dockerfile along with the bootc Image Builder service to create a bootable Open Container Initiative (OCI) image that you can start on a host or virtual machine.

An image created in this way also comes with the Linux kernel, which is loaded in the normal way at boot time. Therefore, the basic operating system does not reside in the container and a systemd process with a PID of 1 is available in the normal way. Transactional updates let you keep the system up to date. The updates create additional layers on the system on top of the base image. You just need to create an updated bootc base image, with no need for a new disk image. In this way, the update process is identical to other OSTree-based systems.

You can use the bootc-image-builder container tool to create bootable disk images with the aid of the Podman container runtime. This process generates a disk image from a base image. Alternatively, you can also use the graphical Podman Desktop [3] tool, which simplifies the container handling and comes with a selection of extensions – including some for bootc – to help create bootable container images. I will primarily be focusing on the bootc extension in this article.

Generating Images in a Terminal Window

To begin, I'll first take a look at the process of generating disk images in a terminal window from a standard bootc image. Of course, you always have the options of extending this bootc image to include additional components or making other adjustments in advance with the use of a container file or Dockerfile. You then publish the customized image in a store, which is also necessary when, for example, updates become available for the image you are using.

You can use either the RAW, QCOW2, VMDK, ISO, or Amazon Machine Image (AMI) formats for the disk image. In any case, you always need a bootc base image first. This special container image contains the kernel and the systemd service along with other components for a bootable system. Base images are available for Fedora, CentOS, and Red Hat Enterprise Linux systems. The following example shows that the components are included in the image:

# podman run --rm -it quay.io/centos-bootc/centos-bootc:stream9 rpm -q kernel systemd podman bootc
kernel-5.14.0-467.el9.aarch64
systemd-252-37.el9.aarch64
podman-5.1.0-1.el9.aarch64
bootc-0.1.11-2.el9.aarch64

Because this kind of image does not contain a user account by default, you can simply add one by editing the configuration file in TOML format and assign an SSH key and a group directly to the user:

[[customizations.user]]
name = "tscherf"
password = "Secret23"
key = "ssh-rsa AAA ... tscherf@domain.com"
groups = ["wheel"]

With the configuration file in place, you can launch the build process for the CentOS Stream 9 image, as in Listing 1. In this example, I use centos-bootc:stream9 as the bootc base image and pass it to the bootc-image-builder service. The completed disk image uses the QCOW2 format. If everything goes well, the new image will be available in the output directory – but don't hold your breath.

Listing 1: Build Process

# podman run --rm -it --privileged --pull=newer \
    --security-opt label=type:unconfined_t \
    -v $(pwd)/config.toml:/config.toml \
    -v $(pwd)/output:/output \
    -v /var/lib/containers/storage:/var/lib/containers/storage \
    quay.io/centos-bootc/bootc-image-builder:latest \
    --type qcow2 --local \
    quay.io/centos-bootc/centos-bootc:stream9

Booting the Image

To boot the disk image you just created for test purposes, you can use a virtualization tool such as libvirt. This example,

# virt-install --name bootc --memory 4096 --vcpus 2 --disk qcow2/disk.qcow2 --import

uses virt-install, which is based on libvirt.
