Define once. Run anywhere. No host daemon.
podbox is a declarative container environment manager for Linux. You write a TOML file, podbox turns it into an OCI image and a set of systemd Quadlet units, and from then on systemd owns the lifecycle: autostart, restart, socket activation, all of it. No background service of podbox's own running on your machine.
Think distrobox, but the environment is a file you can commit to git instead of a sequence of flags you ran once and forgot.
Each environment is one TOML file: image, packages, config, and how it should run. podbox build turns that into an OCI image and the matching systemd Quadlet units, nothing hand-edited.
The container gets its own home directory by default. Extra folders, devices, GPU, and the Wayland socket are all opt-in. Notifications, clipboard, opening links, and running a command on the host all work, routed through a small guest interceptor rather than a raw bind mount.
systemd owns the lifecycle from there: autostart, restarts, socket activation. There's no podbox process running in the background.
Distrobox mounts your home directory and session bus by default and gets out of the way after that, which is the right approach if you want a container that feels like the host. podbox defaults to the opposite: nothing is shared unless it's in the TOML, and the environment is reproducible from that file rather than whatever state the container happened to drift into.
It's not a replacement for distrobox; it solves a different problem.
| | podbox | Distrobox / Toolbox | Raw podman run |
|---|---|---|---|
| Home directory | Isolated volume, opt-in sharing | Full $HOME mounted by default | Manual `-v` flags |
| Config | Declarative TOML, version-controllable | Imperative CLI flags | Shell flags per run |
| Lifecycle | systemd Quadlet units | Shell shims | Manual |
| D-Bus | Filtered via `xdg-dbus-proxy` | Unfiltered session bus | Unfiltered |
| Wayland / audio | Opt-out (on by default) | Always on | Manual |
| GPU | `auto` / `nvidia` / `off` | `--nvidia` flag | Manual device flags |
| Notifications | Guest interceptor → host | Via shared D-Bus | Not supported |
| Clipboard | Guest interceptor → host | Via shared home | Not supported |
| Host commands | `host-exec` interceptor | `distrobox-host-exec` | Not supported |
| SSH agent | Socket forward (opt-in) | Auto-mounted | Not supported |
| Baked images | Yes: packages in image, not runtime | No: packages reinstalled on rebuild | N/A |
| Reproducibility | Full: TOML → image → unit | Partial: image only | None |
| Runtime | Podman only | Podman / Docker / lilipod | Any OCI runtime |
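To confirm what a generated unit actually hands to the container, the Quadlet text (for example the output of `podbox inspect myenv --quadlet`) can be audited for host mounts, devices, host networking and privileged mode. This is an added example, not podbox code: `audit_quadlet` is a hypothetical helper, and the sample unit is constructed for illustration and is not real podbox output.

```python
SAMPLE_UNIT = """\
# Constructed sample, not real podbox output
[Unit]
Description=example environment

[Container]
Image=localhost/myenv:latest
Volume=myenv-home:/home/user
Volume=%h/Projects:/home/user/Projects:rw
Volume=%t/wayland-0:/run/user/1000/wayland-0
AddDevice=/dev/dri
Network=host
PodmanArgs=--privileged

[Service]
Restart=on-failure
"""

def container_keys(unit_text):
    """Yield (key, value) pairs from the [Container] section; keys may repeat."""
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Container" and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def audit_quadlet(unit_text):
    """Return (kind, value) findings for host resources given to the container."""
    findings = []
    for key, value in container_keys(unit_text):
        if key == "Volume":
            src, sep, _ = value.partition(":")
            # With a "src:dest" form, a source starting with /, . or a systemd
            # specifier (%h, %t) is a host path; other sources are named volumes.
            # A value without ":" is an anonymous volume, not a host mount.
            if sep and src.startswith(("/", ".", "%")):
                findings.append(("host-mount", value))
        elif key == "AddDevice":
            findings.append(("device", value))
        elif key == "Network" and value == "host":
            findings.append(("host-network", value))
        elif key == "PodmanArgs" and "--privileged" in value.split():
            findings.append(("privileged", value))
    return findings
```

Each finding should correspond to something you opted into in the TOML; a finding with no matching entry there is worth investigating.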
```sh
# Grab the binary
curl -fsSL https://bethropolis.github.io/podbox/install.sh | sh
# Spin up a Fedora container and hop in
podbox create fedora
podbox enter fedora
```
That's a prebuilt environment with no config file needed. For anything custom, see the Getting Started Guide.
You write one TOML file. podbox build turns it into an OCI image plus the systemd Quadlet units that run it: no hand-edited Containerfile, no manually written unit files.
Configs live in ~/.config/podbox/<name>.toml, or ./.podbox.toml if you'd rather keep one per project. Every key is documented in the config reference.
Prebuilt environments, ready in seconds:
```sh
podbox create cachy
podbox create fedora --name dev
```
Building from a base image instead:
```sh
# Scaffold a config you can edit
podbox init fedora:44 --name myenv
# Build it, enable it, start it
podbox create myenv
```
Or just point it at any OCI image:
```sh
podbox create ubuntu:24.04 --name dev
podbox create ghcr.io/user/img --name myenv
```
Not sure what you want? There's a wizard:
```sh
podbox init -i
```
Tired of typing the env name every time? Set an active context and bare commands target it:
```sh
podbox use myenv
podbox status
podbox logs
podbox exec -- htop
```
Getting in and running things:
```sh
podbox enter myenv
podbox exec -- htop
podbox run firefox
```
Pulling apps and binaries out to your host:
```sh
podbox export app firefox
podbox export bin rg
```
Snapshots, restores, clones:
```sh
podbox snapshot myenv
podbox restore myenv <tag>
podbox clone work dev
```
Peeking under the hood:
```sh
podbox inspect myenv
podbox inspect myenv --quadlet
```
Pre-built binary:
```sh
curl -fsSL https://bethropolis.github.io/podbox/install.sh | sh
```
Arch Linux, via AUR:
```sh
paru -S podbox-bin
```
Building from source:
```sh
scripts/install.sh # installs to ~/.local/bin
scripts/install.sh --system # system-wide, needs sudo
```
Required:
- Podman ≥ 5.5 (5.6+ if you want SSH agent passthrough)
- A systemd user session
- Linux with a Wayland compositor (X11 apps work via Xwayland)
Nice to have:
- xdg-dbus-proxy, for filtered D-Bus access. Usually already on your system if you've got Flatpak installed.
Run podbox doctor first. It catches most of the common setup issues on its own. If that doesn't sort it out, the Troubleshooting Guide covers specific problems in more depth.
Every command also takes --dry-run if you want to see what it'd do before it does it.
See Commands at a Glance or the Quick Reference for the complete list.
Contributions welcome! See CONTRIBUTING.md. MIT licensed.