Add basic root toolbox script for rootless nerdctl #3130

Closed
wants to merge 1 commit into from

Conversation

afbjorklund
@afbjorklund afbjorklund commented Jan 19, 2025

Version of coreos toolbox, using nerdctl instead of systemd.

Uses fedora by default for the toolbox, it can be configured.

Added for a comparison with the systemd-nspawn version:

https://github.com/afbjorklund/systemd-toolbox (from coreos)

$ lima ./toolbox 
░ Spawning container anders-fedora-latest on /var/lib/toolbox/anders-fedora-latest.
░ Press Ctrl-] three times within 1s to kill container.
[root@lima-default ~]# 
logout
Container anders-fedora-latest exited successfully.
$ ./cmd/toolbox.lima 
░ Entering container anders-fedora-latest on fedora:latest.
[root@lima-default /]# 
exit

Issue #3107

Note: these are just small shell scripts, and not real programs.
The default image is read-write, so it doesn't really need a toolbox.

When running a read-only OS, you need one to install your tools in...

But when running lima you could just as well install them on the VM.
This allows you to run toolbox.lima and leave the system untouched.

If it would be needed for system maintenance, it needs sudo nerdctl.
Currently it is root on the inside, but still user on the outside (instance)

Running as the user with a home directory mount is better off as a program.

Something like toolbx or distrobox, but with support for nerdctl as well?
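A minimal rootless nerdctl toolbox sketch in the spirit of the description above, added here as an illustration and not the PR's own script. The TOOLBOX_IMAGE and TOOLBOX_USER variables, the `sleep infinity` keep-alive, and the `/media/root` bind mount are assumptions; the container name follows the `anders-fedora-latest` pattern shown in the transcript.

```bash
#!/bin/bash
# Added illustration (not the PR's script): a rootless nerdctl toolbox
# modelled on coreos toolbox. Assumed knobs: TOOLBOX_IMAGE (default
# fedora:latest) and TOOLBOX_USER (default the current user).
set -eu

# Derive the container name the way the PR transcript shows it:
# user "anders" + image "fedora:latest" -> "anders-fedora-latest".
toolbox_name() {
  local user=$1 image=$2
  printf '%s-%s\n' "$user" "$(printf '%s' "$image" | sed 's#[:/]#-#g')"
}

# Host-side check the PR discussion says the script lacks: refuse early
# when nerdctl is not on PATH instead of failing halfway through.
have_nerdctl() { command -v nerdctl >/dev/null 2>&1; }

toolbox_main() {
  local image=${TOOLBOX_IMAGE:-fedora:latest}
  local name
  name=$(toolbox_name "${TOOLBOX_USER:-${USER:-$(id -un)}}" "$image")
  have_nerdctl || { echo "nerdctl not found in PATH" >&2; return 1; }
  # Create the container once, then re-enter it on every later call.
  if ! nerdctl container inspect "$name" >/dev/null 2>&1; then
    echo "Spawning container $name from $image."
    # /media/root mirrors the coreos toolbox layout. With rootless
    # nerdctl the host root is still mapped to the unprivileged user,
    # so this gives no host privileges even with --privileged.
    nerdctl run -d --name "$name" --hostname "$name" --privileged \
      -v /:/media/root "$image" sleep infinity >/dev/null
  fi
  echo "Entering container $name on $image."
  nerdctl exec -it "$name" /bin/bash
}

# Only act when explicitly asked, so the file can be sourced for checks
# without touching containerd.
if [ "${TOOLBOX_RUN:-0}" = 1 ]; then toolbox_main; fi
```

Run it with `TOOLBOX_RUN=1 ./toolbox` inside the instance (or via `lima ./toolbox`); the first call creates the container, later calls only exec into it.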

Version of coreos toolbox, using nerdctl instead of systemd.

Uses fedora by default for the toolbox, it can be configured.

Signed-off-by: Anders F Björklund <[email protected]>
@@ -0,0 +1,100 @@
#!/bin/bash
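Review bot: a script that shells out to container tooling should fail fast; right after `#!/bin/bash` add `set -euo pipefail` so a failed nerdctl step or an unset variable does not let the script continue into the next command. The hunk header reports 100 added lines but only the shebang is visible here, so the remainder could not be reviewed.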
Member
This is quite different from other *.lima wrappers, as this doesn't even execute limactl

Member
I also don't like the name of the "toolbox", as it is likely to conflict with something else, e.g., https://android.googlesource.com/platform/system/core/+/froyo/toolbox/Android.mk

@afbjorklund afbjorklund Jan 20, 2025

The script executes itself with lima (if needed), so it should use limactl (eventually)
But there is not so much host code in it, like checking if nerdctl is actually available etc
As mentioned in the issue, the "toolbox" is somewhat overloaded with 3+ implementations

@afbjorklund
As mentioned above there is much need for a toolbox in the default lima instance, since it is already read-write.
It could be useful if there is ever support for CoreOS, or if we make a smaller BeanOS without a package manager?

So it's fine to leave this as an example, similar to LXC/LXD*, and not include any scripts in the default installation.
* the default image includes support for both lxd and snapd, even though it is not used or needed by nerdctl.lima

"LXD is installed in the default Ubuntu template, so there is no lxd.yaml"

It would need to use sudo nerdctl to match the sudo systemd-nspawn, but then it needs a default-rootful.yaml
FATA[0000] cannot access containerd socket "/run/containerd/containerd.sock": no such file or directory

While you can still run the toolbox just fine as rootless, you can't manipulate the host like with coreos toolbox.
Even though you have /media/root mounted and the container is privileged, you don't have the host access.

I will leave the issue open, for providing something like WSL or distrobox
