rlibaert

Containerized development on Fedora Silverblue

November 15, 2025

After some time developing containerized applications, I made a habit of trying to run everything in containers. The ability to sandbox applications allows me to keep control over my system and makes me confident to try and discover new software. In this post I show the tools I use to create disposable development environments and to keep my system tidy.

Development Containers

Quoting the website, Development Containers “allows you to use a container as a full-featured development environment”, bringing the benefits of containerization to software development. Basically you can start using a development container by adding to your project a .devcontainer.json file as simple as:

{ "image": "mcr.microsoft.com/devcontainers/go" }

This will allow us to open our project within a container with a Golang development environment (there are other images for most common languages), embedding every tool that may be needed (compiler, debugger, language server, linters, …). You can also set up the container even further with DevContainer Features to embed other tools required by your project. For instance, I often put Docker inside of it:

{
  "image": "mcr.microsoft.com/devcontainers/go",
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:2": {}
  }
}

With this simple file, we are creating a reproducible, shareable, disposable, portable, isolated & secure development environment, which is versioned and bundled alongside our project. This example can seem quite trivial, but the specification is very comprehensive, allowing you to further configure the development environment and install tools, libraries or even editor extensions.
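How isolated such an environment is depends on what the file requests, so here is a small audit of a .devcontainer.json, added as an example and not part of the original post. It assumes the file is plain JSON without comments; the function name and the lists of risky settings are illustrative and not exhaustive.

```python
import json

# Feature from the post that asks for a privileged container to run its own daemon.
PRIVILEGED_FEATURES = ("ghcr.io/devcontainers/features/docker-in-docker",)
RISKY_RUN_ARGS = ("--privileged", "--cap-add")      # not an exhaustive list
HOST_SOCKETS = ("docker.sock", "podman.sock")       # container-engine control sockets

# The second configuration from the post, reproduced as sample input.
POST_CONFIG = """{
  "image": "mcr.microsoft.com/devcontainers/go",
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:2": {}
  }
}"""


def audit_devcontainer(text):
    """Return isolation findings for a .devcontainer.json given as plain JSON text."""
    cfg = json.loads(text)
    findings = []
    # A tag, or no tag at all, is mutable; only a digest pins the image content.
    image = cfg.get("image", "")
    if image and "@sha256:" not in image:
        findings.append(f"image not pinned by digest: {image}")
    # Feature ids end in :<version>; compare the part before it.
    for feature_id in cfg.get("features", {}):
        if feature_id.split(":")[0] in PRIVILEGED_FEATURES:
            findings.append(f"feature runs the container privileged: {feature_id}")
    if cfg.get("privileged") is True:
        findings.append("privileged: true")
    for cap in cfg.get("capAdd", []):
        findings.append(f"capability added: {cap}")
    for arg in cfg.get("runArgs", []):
        if arg.startswith(RISKY_RUN_ARGS):
            findings.append(f"runArgs weakens isolation: {arg}")
    # Mounts are either "source=...,target=..." strings or objects with a source key.
    for mount in cfg.get("mounts", []):
        spec = mount if isinstance(mount, str) else mount.get("source", "")
        if any(sock in spec for sock in HOST_SOCKETS):
            findings.append(f"container engine socket mounted: {spec}")
    return findings


if __name__ == "__main__":
    for finding in audit_devcontainer(POST_CONFIG):
        print("-", finding)
```

Run against the Docker-in-Docker configuration above, it reports the unpinned image and the privileged feature.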

Devcontainers are pretty well integrated in VSCode thanks to the VSCode Dev Containers extension, which greatly simplifies the creation, management and overall usage of development containers. Personally, I settled on DevPod as it allows me to use Zed instead.

Fedora Silverblue

Silverblue is an immutable / atomic version of Fedora Workstation.

Immutable as it uses a read-only root filesystem, preventing users from writing outside of their /home. New software can only be installed in sandboxed environments like containers or Flatpaks. Atomic because system updates are transactional: they are effective only after the system is rebooted and can be rolled back if anything goes wrong.

Such distributions are believed to be more secure, reliable and stable. Fun fact: you probably use one already, as Android fits this description pretty well. Another perk is that you end up with a system that is identical for the vast majority of users, so you are very likely to find resources about any problem you run into with the distribution.

Podman

Like Docker, Podman is a container runtime for developing, managing and running containers. The main difference is that it is daemonless and rootless by design. To put it simply, a Podman container is nothing but a mere user process.

The Podman client uses the same interface as Docker, meaning that if you know Docker you already know Podman. Also, if your tools use Docker under the hood then there is a good chance that they can use Podman as well.

Toolbx

Toolbx is built on top of Podman and allows users to run a Linux distribution (Fedora, Arch, Ubuntu) in a container, which can be used to install programs that you would usually install directly on your host. Toolbx environments are different from plain containers as they have seamless access to the user’s home directory, devices, Wayland & X11 sockets, networking, … and thus behave like any standard Linux command line environment.

For instance, let’s create a new Ubuntu based toolbx:

$ toolbox create -d ubuntu -r 25.04
Image required to create Toolbx container.
Download quay.io/toolbx/ubuntu-toolbox:25.04 ( ... MB)? [y/N]: y
Created container: ubuntu-toolbox-25.04
Enter with: toolbox enter ubuntu-toolbox-25.04

I can now enter it and work as if I were on an Ubuntu system:

$ toolbox enter ubuntu-toolbox-25.04
$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=25.04
DISTRIB_CODENAME=plucky
DISTRIB_DESCRIPTION="Ubuntu 25.04"

Flatpak

Flatpak is pretty well known now. Simply put, it distributes and installs Linux applications and their dependencies in a way comparable to what we already have on smartphones and their stores. It provides the same advantages of sandboxing and isolation but for desktop applications.

Limitations

Because Fedora uses nftables, while Docker needs ip_tables, the Docker-in-Docker daemon from DevContainer features might fail to start. To fix this, you can simply run modprobe ip_tables and restart the container. You may also add a file /etc/modules-load.d/ip_tables.conf to persist that change across reboots. See this GitHub issue.

This workflow has been successful for developing cloud-native applications, but the containerization might get in the way when developing with hardware (e.g. microcontrollers, USB devices).

Silverblue comes with Firefox preinstalled, but this version is known to be unable to play some video content. A simple workaround is to install the Flathub version.