Lead Image © alfazetchronicles, 123RF.com
Operating system images with bootc
Production Line
Container images generally only provide the components you need to run a specific application inside a container and do not include a Linux kernel, a bootloader, firmware, or similar components. Many workflows already in place create and manage container images for applications, typically with a zoo of tools that create an image, check it for vulnerabilities, and then publish it in a container store. This workflow would also be helpful for bootable system images – which is exactly where two projects, bootc [1] and bootc Image Builder [2], enter the scene.
Containers for Operating Systems
These bootc projects let you use the same workflow you have in place for application containers to create operating system containers. All you need is a Containerfile or Dockerfile along with the bootc Image Builder service to create a bootable Open Container Initiative (OCI) image that you can start on a host or virtual machine.
An image created in this way also comes with the Linux kernel, which is loaded in the normal way at boot time. Therefore, the basic operating system does not reside in the container and a systemd process with a PID of 1 is available in the normal way. Transactional updates let you keep the system up to date. The updates create additional layers on the system on top of the base image. You just need to create an updated bootc base image, with no need for a new disk image. In this way, the update process is identical to other OSTree-based systems.
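The workflow described above, as an added example that is not code from the article or the bootc project: a Containerfile that bakes host configuration into a bootable image, with the build, conversion, and update commands as comments. The CentOS Stream 9 bootc base image is an assumed choice, and the `quay.io/example/bootc-host` repository and the `00-hardening.conf` file name are placeholders.

```dockerfile
# Added example. Assumed base image: it already carries kernel, bootloader and systemd.
FROM quay.io/centos-bootc/centos-bootc:stream9

# Layer packages exactly as in an application image; drop caches to keep the layer small.
RUN dnf -y install openssh-server firewalld && dnf clean all

# Host configuration lives in the image, so it is versioned and can be scanned
# by the same pipeline that checks application images.
# 00- prefix (placeholder name): sshd uses the first value it reads for each option.
RUN printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
      > /etc/ssh/sshd_config.d/00-hardening.conf

# Enable units at build time; systemd starts them as PID 1 when the host boots.
RUN systemctl enable sshd.service firewalld.service

# Build and publish with the usual container workflow (rootful storage, so that
# the image builder below can read the image):
#   sudo podman build -t quay.io/example/bootc-host:1.0 .
#   sudo podman push quay.io/example/bootc-host:1.0
#
# Convert the container image into a bootable disk image with bootc-image-builder:
#   mkdir -p output
#   sudo podman run --rm -it --privileged --pull=newer \
#     --security-opt label=type:unconfined_t \
#     -v ./output:/output \
#     -v /var/lib/containers/storage:/var/lib/containers/storage \
#     quay.io/centos-bootc/bootc-image-builder:latest \
#     --type qcow2 quay.io/example/bootc-host:1.0
#
# Update a deployed host from a rebuilt image; no new disk image is needed:
#   sudo bootc upgrade                                # same tag, newer digest
#   sudo bootc switch quay.io/example/bootc-host:1.1  # move to another tag
#   sudo bootc status                                 # show booted and staged image
```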
You can use the bootc-image-builder container tool to create bootable disk images with the aid of the Podman container runtime. This process generates a disk image from a base image. Alternatively, you can also use the graphical Podman Desktop [3] tool, which