diff --git a/container-templates/docker-compose/.devcontainer/devcontainer.json b/container-templates/docker-compose/.devcontainer/devcontainer.json index 6d3cf513..12c1c823 100644 --- a/container-templates/docker-compose/.devcontainer/devcontainer.json +++ b/container-templates/docker-compose/.devcontainer/devcontainer.json @@ -18,7 +18,7 @@ }, // Add the IDs of extensions you want installed when the container is created. - "extensions": [] + "extensions": [], // Uncomment the next line if you want to keep your containers running after VS Code shuts down. // "shutdownAction": "none", @@ -26,6 +26,6 @@ // Uncomment the next line to use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "uname -a", - // Uncomment the next line to connect as a non-root user. - // "remoteUser": "vscode" + // Comment out connect as root instead. To add a non-root user, see: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/container-templates/docker-compose/.devcontainer/library-scripts/README.md b/container-templates/docker-compose/.devcontainer/library-scripts/README.md index d06dfd1a..0f7da908 100644 --- a/container-templates/docker-compose/.devcontainer/library-scripts/README.md +++ b/container-templates/docker-compose/.devcontainer/library-scripts/README.md @@ -1,5 +1,7 @@ # Warning: Folder contents may be replaced -The contents of this folder will be automatically replaced with a file of the same name in the [vscode-dev-containers](https://github.com/microsoft/vscode-dev-containers) repository's [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) whenever the repository is packaged. +The contents of this folder will be automatically replaced with a file of the same name in the [vscode-dev-containers](https://github.com/microsoft/vscode-dev-containers) repository's [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) whenever the repository is packaged. To retain your edits, move the file to a different location. You may also delete the files if they are not needed. -To retain your edits, move the file to a different location. You may also delete the files if they are not needed. \ No newline at end of file +## Adding a new script from the script-library folder + +When creating a dev container for the vscode-dev-containers repository, simply drop a copy of the script you want to use from the [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) into this folder and it will be automatically kept up to date as things change. diff --git a/container-templates/dockerfile/.devcontainer/devcontainer.json b/container-templates/dockerfile/.devcontainer/devcontainer.json index 1bd69e9a..e67969f1 100644 --- a/container-templates/dockerfile/.devcontainer/devcontainer.json +++ b/container-templates/dockerfile/.devcontainer/devcontainer.json @@ -14,7 +14,7 @@ }, // Add the IDs of extensions you want installed when the container is created. - "extensions": [] + "extensions": [], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -28,6 +28,6 @@ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. To add a non-root user, see: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/container-templates/dockerfile/.devcontainer/library-scripts/README.md b/container-templates/dockerfile/.devcontainer/library-scripts/README.md index d06dfd1a..0f7da908 100644 --- a/container-templates/dockerfile/.devcontainer/library-scripts/README.md +++ b/container-templates/dockerfile/.devcontainer/library-scripts/README.md @@ -1,5 +1,7 @@ # Warning: Folder contents may be replaced -The contents of this folder will be automatically replaced with a file of the same name in the [vscode-dev-containers](https://github.com/microsoft/vscode-dev-containers) repository's [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) whenever the repository is packaged. +The contents of this folder will be automatically replaced with a file of the same name in the [vscode-dev-containers](https://github.com/microsoft/vscode-dev-containers) repository's [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) whenever the repository is packaged. To retain your edits, move the file to a different location. You may also delete the files if they are not needed. -To retain your edits, move the file to a different location. You may also delete the files if they are not needed. \ No newline at end of file +## Adding a new script from the script-library folder + +When creating a dev container for the vscode-dev-containers repository, simply drop a copy of the script you want to use from the [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) into this folder and it will be automatically kept up to date as things change. diff --git a/container-templates/image/.devcontainer/devcontainer.json b/container-templates/image/.devcontainer/devcontainer.json index 9a895136..f2e6786f 100644 --- a/container-templates/image/.devcontainer/devcontainer.json +++ b/container-templates/image/.devcontainer/devcontainer.json @@ -11,7 +11,7 @@ }, // Add the IDs of extensions you want installed when the container is created. - "extensions": [] + "extensions": [], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -25,7 +25,6 @@ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. To add a non-root user, see: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/alpine/.devcontainer/devcontainer.json b/containers/alpine/.devcontainer/devcontainer.json index 18d0fd8c..1196ed4f 100644 --- a/containers/alpine/.devcontainer/devcontainer.json +++ b/containers/alpine/.devcontainer/devcontainer.json @@ -13,7 +13,7 @@ // Add the IDs of extensions you want installed when the container is created. // Note that some extensions may not work in Alpine Linux. See https://aka.ms/vscode-remote/linux. - "extensions": [] + "extensions": [], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -24,6 +24,6 @@ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-ansible/.devcontainer/devcontainer.json b/containers/azure-ansible/.devcontainer/devcontainer.json index d7e87c77..58344d13 100644 --- a/containers/azure-ansible/.devcontainer/devcontainer.json +++ b/containers/azure-ansible/.devcontainer/devcontainer.json @@ -13,6 +13,7 @@ // "source=${localEnv:HOME}${localEnv:USERPROFILE}/.ansible/collections,target=/root/.ansible/collections,type=bind,consistency=cached", "source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind" ], + "overrideCommand": false, // Set *default* container specific settings.json values on container create. "settings": { @@ -25,13 +26,14 @@ "redhat.vscode-yaml", "ms-vscode.azurecli", "ms-azuretools.vscode-docker" - ] + ], + // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "ansible --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-blockchain/.devcontainer/devcontainer.json b/containers/azure-blockchain/.devcontainer/devcontainer.json index 81818f58..f076d944 100644 --- a/containers/azure-blockchain/.devcontainer/devcontainer.json +++ b/containers/azure-blockchain/.devcontainer/devcontainer.json @@ -11,7 +11,7 @@ "extensions": [ "ms-vscode.azurecli", "azblockchain.azure-blockchain" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -19,6 +19,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "az --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-cli/.devcontainer/devcontainer.json b/containers/azure-cli/.devcontainer/devcontainer.json index 645701a6..2d9a0295 100644 --- a/containers/azure-cli/.devcontainer/devcontainer.json +++ b/containers/azure-cli/.devcontainer/devcontainer.json @@ -10,7 +10,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-vscode.azurecli" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -21,7 +21,6 @@ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json b/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json index a066d77d..5ce72fd2 100644 --- a/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json +++ b/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json @@ -12,11 +12,11 @@ "extensions": [ "ms-azuretools.vscode-azurefunctions", "ms-dotnettools.csharp" - ] + ], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "dotnet restore", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/azure-functions-dotnetcore-3.1/.devcontainer/devcontainer.json b/containers/azure-functions-dotnetcore-3.1/.devcontainer/devcontainer.json index 91895990..7f6b9c1b 100644 --- a/containers/azure-functions-dotnetcore-3.1/.devcontainer/devcontainer.json +++ b/containers/azure-functions-dotnetcore-3.1/.devcontainer/devcontainer.json @@ -12,12 +12,11 @@ "extensions": [ "ms-azuretools.vscode-azurefunctions", "ms-dotnettools.csharp" - ] + ], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "dotnet restore", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/azure-functions-java-11/.devcontainer/devcontainer.json b/containers/azure-functions-java-11/.devcontainer/devcontainer.json index e07aafe2..f8dffc43 100644 --- a/containers/azure-functions-java-11/.devcontainer/devcontainer.json +++ b/containers/azure-functions-java-11/.devcontainer/devcontainer.json @@ -13,11 +13,11 @@ "extensions": [ "ms-azuretools.vscode-azurefunctions", "vscjava.vscode-java-pack" - ] + ], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "java -version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-functions-java-8/.devcontainer/devcontainer.json b/containers/azure-functions-java-8/.devcontainer/devcontainer.json index 40ef6fa9..1b29f6af 100644 --- a/containers/azure-functions-java-8/.devcontainer/devcontainer.json +++ b/containers/azure-functions-java-8/.devcontainer/devcontainer.json @@ -20,11 +20,11 @@ "extensions": [ "ms-azuretools.vscode-azurefunctions", "vscjava.vscode-java-pack" - ] + ], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "java -version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-functions-node/.devcontainer/devcontainer.json b/containers/azure-functions-node/.devcontainer/devcontainer.json index cba8fca9..01a832ec 100644 --- a/containers/azure-functions-node/.devcontainer/devcontainer.json +++ b/containers/azure-functions-node/.devcontainer/devcontainer.json @@ -21,6 +21,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "npm install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. "remoteUser": "node" } \ No newline at end of file diff --git a/containers/azure-functions-pwsh/.devcontainer/devcontainer.json b/containers/azure-functions-pwsh/.devcontainer/devcontainer.json index 545a3521..8d3736c9 100644 --- a/containers/azure-functions-pwsh/.devcontainer/devcontainer.json +++ b/containers/azure-functions-pwsh/.devcontainer/devcontainer.json @@ -8,7 +8,6 @@ } }, "forwardPorts": [ 7071 ], - "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ], // Set *default* container specific settings.json values on container create. "settings": { @@ -19,11 +18,11 @@ "extensions": [ "ms-azuretools.vscode-azurefunctions", "ms-vscode.powershell" - ] + ], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "dotnet restore", - - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/azure-functions-python-3/.devcontainer/devcontainer.json b/containers/azure-functions-python-3/.devcontainer/devcontainer.json index a0f55e77..101cf850 100644 --- a/containers/azure-functions-python-3/.devcontainer/devcontainer.json +++ b/containers/azure-functions-python-3/.devcontainer/devcontainer.json @@ -2,7 +2,6 @@ "name": "Azure Functions & Python 3", "dockerFile": "Dockerfile", "forwardPorts": [ 7071 ], - "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ], // Set *default* container specific settings.json values on container create. "settings": { @@ -19,6 +18,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "npm install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-static-web-apps/.devcontainer/devcontainer.json b/containers/azure-static-web-apps/.devcontainer/devcontainer.json index 0e26efcf..2c8cfb45 100644 --- a/containers/azure-static-web-apps/.devcontainer/devcontainer.json +++ b/containers/azure-static-web-apps/.devcontainer/devcontainer.json @@ -21,6 +21,6 @@ // Use 'postCreateCommand' to run commands after the container is created. "postCreateCommand": "source ${NVM_DIR}/nvm.sh && nvm install --lts", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/azure-terraform/.devcontainer/devcontainer.json b/containers/azure-terraform/.devcontainer/devcontainer.json index 5b206958..4623306a 100644 --- a/containers/azure-terraform/.devcontainer/devcontainer.json +++ b/containers/azure-terraform/.devcontainer/devcontainer.json @@ -11,6 +11,7 @@ } }, "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind" ], + "overrideCommand": false, // Set *default* container specific settings.json values on container create. "settings": { @@ -23,7 +24,7 @@ "ms-azuretools.vscode-azureterraform", "ms-vscode.azurecli", "ms-azuretools.vscode-docker" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -31,7 +32,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "terraform --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "overrideCommand": false, - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/bazel/.devcontainer/devcontainer.json b/containers/bazel/.devcontainer/devcontainer.json index cb29bdf1..927d800c 100644 --- a/containers/bazel/.devcontainer/devcontainer.json +++ b/containers/bazel/.devcontainer/devcontainer.json @@ -16,7 +16,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "devondcarew.bazel-code" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -27,7 +27,6 @@ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/cpp/.devcontainer/devcontainer.json b/containers/cpp/.devcontainer/devcontainer.json index 74921023..c2fc8e75 100644 --- a/containers/cpp/.devcontainer/devcontainer.json +++ b/containers/cpp/.devcontainer/devcontainer.json @@ -15,7 +15,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-vscode.cpptools" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -23,7 +23,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "gcc -v", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/dart/.devcontainer/devcontainer.json b/containers/dart/.devcontainer/devcontainer.json index 097a8a60..bc323096 100644 --- a/containers/dart/.devcontainer/devcontainer.json +++ b/containers/dart/.devcontainer/devcontainer.json @@ -14,7 +14,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "dart-code.dart-code" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -22,6 +22,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "uname -a", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/debian/.devcontainer/devcontainer.json b/containers/debian/.devcontainer/devcontainer.json index 0bb749a6..431f42e8 100644 --- a/containers/debian/.devcontainer/devcontainer.json +++ b/containers/debian/.devcontainer/devcontainer.json @@ -12,7 +12,7 @@ }, // Add the IDs of extensions you want installed when the container is created. - "extensions": [] + "extensions": [], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -23,6 +23,6 @@ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/deno/.devcontainer/devcontainer.json b/containers/deno/.devcontainer/devcontainer.json index c382addc..7f80fb66 100644 --- a/containers/deno/.devcontainer/devcontainer.json +++ b/containers/deno/.devcontainer/devcontainer.json @@ -18,6 +18,6 @@ // Uncomment to use the Docker CLI from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker. // "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/docker-from-docker-compose/.devcontainer/devcontainer.json b/containers/docker-from-docker-compose/.devcontainer/devcontainer.json index 48344d1c..76ee82d0 100644 --- a/containers/docker-from-docker-compose/.devcontainer/devcontainer.json +++ b/containers/docker-from-docker-compose/.devcontainer/devcontainer.json @@ -17,7 +17,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-azuretools.vscode-docker" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -25,6 +25,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "docker --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/docker-from-docker-compose/README.md b/containers/docker-from-docker-compose/README.md index fbcdc58d..c275c5ba 100644 --- a/containers/docker-from-docker-compose/README.md +++ b/containers/docker-from-docker-compose/README.md @@ -22,7 +22,9 @@ This example illustrates how you can do this by running CLI commands and using t ## How it works / adapting your existing dev container config -The [`.devcontainer` folder in this repository](.devcontainer) contains a complete example that **you can simply change the `FROM` statement** in `.devcontainer/Dockerfile` to another Debian/Ubuntu based image to adapt to your own use (along with adding anything else you need). +The [`.devcontainer` folder in this repository](.devcontainer) contains a complete example that **you can simply change the `FROM` statement** to another Debian/Ubuntu based image to adapt to your own use (along with adding anything else you need). + +In addition, we recommend just **using [docker script](../../script-library/docs/docker.md) from the script library** as an easy way to get this running in your own existing container. However, this section will outline the how you can selectively add this functionality to your own Dockerfile in two parts: enabling access to Docker for the root user, and enabling it for a non-root user. @@ -59,7 +61,39 @@ You can adapt your own existing development container Dockerfile to support this ### Enabling non-root access to Docker in the container -To enable non-root access to Docker in the container, you use `socat` to proxy the Docker socket without affecting its permissions. This is safer than updating the permissions of the host socket itself since this would apply to all containers. You can also alias `docker` to be `sudo docker` in a `.bashrc` file, but this does not work in cases where the Docker socket is accessed directly. +This can be a bit trickier than it might first seem if you're looking to ensure things run locally on macOS, Windows, and Linux as well as in Codespaces. The **[docker script](../../script-library/docs/docker.md)** used in this container **automatically detects the right thing** to do to enable this scenario, but it uses the following two approaches to accomplish it. + +#### Adding the user to a Docker group + +In some environments like Codespaces, this is relatively simple to achieve if the Docker socket already has a group other than root on it. To see if this is the case, open a terminal in VS Code when connected to the container to check: + +```bash +stat -c '%g' /var/run/docker.sock +``` + +If you get a number other than `0`, you can simply add your non-root user to right user group. To do so: + +1. As before, follow [the instructions in the Remote - Containers documentation](https://aka.ms/vscode-remote/containers/non-root) to create a non-root user with sudo access if you do not already have one. + +2. Follow the [directions in the previous section](#enabling-root-user-access-to-docker-in-the-container) to install the Docker CLI. + +3. Update your Dockerfile as follows to create a group with the right group ID and be sure the user is in it: + + ```Dockerfile + ARG NONROOT_USER=vscode + + RUN export SOCKET_GID=$(stat -c '%g' /var/run/docker.sock) \ + && if [ "$(cat /etc/group | grep :${SOCKET_GID}:)" = "" ]; then \ + groupadd --gid ${SOCKET_GID} docker-host; \ + fi \ + && if [ "$(id ${NONROOT_USER} | grep -E 'groups=.+\${SOCKET_GID}\(')" = "" ]; then \ + usermod -aG ${SOCKET_GID} ${NONROOT_USER}; + fi + ``` + +#### Final fallback: socat + +However, if the host's socket is owned by the root user and root group (`0`), you'll need to either change the group on the socket on the host or use `socat` to proxy the Docker socket without affecting its permissions. The `socat` option can be safer than updating the permissions of the host socket itself since this would apply to all containers. You can also alias `docker` to be `sudo docker` in a `.bashrc` file, but this does not work in cases where the Docker socket is accessed directly. Follow these directions to set up non-root access using `socat`: @@ -111,11 +145,17 @@ That's it! ## Using bind mounts when working with Docker inside the container -A common question that comes up is how you can use `bind` mounts from the Docker CLI from within the Codespace itself (e.g. via `-v`). The trick is that, since you're acutally using Docker sitting outside of the container, the paths will be different than those in the container. You need to use the **host**'s paths instead. A simple way to do this is to put `${localWorkspaceFolder}` in an environment variable that you then use when doing bind mounts inside the container. +> **Note:** Currently it is not possible to easily access container contents outside of the workspace folder when using this approach. You can, however, access workspace folder contents. + +In some cases, you may want to be able to mount the local workspace folder into a container you create while running from inside the dev container (e.g. using `-v` from the Docker CLI). The issue is that, with "Docker from Docker", containers are always created on the host. So, when you bind mount a folder into any container, you'll need to use the **host**'s paths. + +In GitHub Codespaces, the workspace folder is **available in the same place on the host as it is in the container,** so you can bind workspace contents as you would normally. + +However, for Remote - Containers, this is typically not the case. A simple way to work around this is to put `${localWorkspaceFolder}` in an environment variable that you then use when doing bind mounts inside the container. Add the following to `devcontainer.json`: -``` +```json "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" } ``` diff --git a/containers/docker-from-docker/.devcontainer/devcontainer.json b/containers/docker-from-docker/.devcontainer/devcontainer.json index 90c662da..b4dcb253 100644 --- a/containers/docker-from-docker/.devcontainer/devcontainer.json +++ b/containers/docker-from-docker/.devcontainer/devcontainer.json @@ -3,6 +3,7 @@ "dockerFile": "Dockerfile", "runArgs": ["--init"], "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind" ], + "overrideCommand": false, // Use this environment variable if you need to bind mount your local source code into a new container. "remoteEnv": { @@ -17,7 +18,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-azuretools.vscode-docker" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -25,7 +26,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "docker --version", - // Uncomment the next two lines to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "overrideCommand": false, - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/docker-from-docker/README.md b/containers/docker-from-docker/README.md index b05f24cb..df254f7a 100644 --- a/containers/docker-from-docker/README.md +++ b/containers/docker-from-docker/README.md @@ -24,6 +24,8 @@ This example illustrates how you can do this by running CLI commands and using t The [`.devcontainer` folder in this repository](.devcontainer) contains a complete example that **you can simply change the `FROM` statement** to another Debian/Ubuntu based image to adapt to your own use (along with adding anything else you need). +In addition, we recommend just **using [docker script](../../script-library/docs/docker.md) from the script library** as an easy way to get this running in your own existing container. + However, this section will outline the how you can selectively add this functionality to your own Dockerfile in two parts: enabling access to Docker for the root user, and enabling it for a non-root user. ### Enabling root user access to Docker in the container @@ -60,7 +62,41 @@ You can adapt your own existing development container Dockerfile to support this ### Enabling non-root access to Docker in the container -To enable non-root access to Docker in the container, you use `socat` to proxy the Docker socket without affecting its permissions. This is safer than updating the permissions of the host socket itself since this would apply to all containers. You can also alias `docker` to be `sudo docker` in a `.bashrc` file, but this does not work in cases where the Docker socket is accessed directly. +This can be a bit trickier than it might first seem if you're looking to ensure things run locally on macOS, Windows, and Linux as well as in Codespaces. The **[docker script](../../script-library/docs/docker.md)** used in this container **automatically detects the right thing** to do to enable this scenario, but it uses the following two approaches to accomplish it. + +In short, you can ignore this if you use the script, but here's what it does. + +#### Adding the user to a Docker group + +In some environments like Codespaces, this is relatively simple to achieve if the Docker socket already has a group other than root on it. To see if this is the case, open a terminal in VS Code when connected to the container to check: + +```bash +stat -c '%g' /var/run/docker.sock +``` + +If you get a number other than `0`, you can simply add your non-root user to right user group. To do so: + +1. As before, follow [the instructions in the Remote - Containers documentation](https://aka.ms/vscode-remote/containers/non-root) to create a non-root user with sudo access if you do not already have one. + +2. Follow the [directions in the previous section](#enabling-root-user-access-to-docker-in-the-container) to install the Docker CLI. + +3. Update your Dockerfile as follows to create a group with the right group ID and be sure the user is in it: + + ```Dockerfile + ARG NONROOT_USER=vscode + + RUN export SOCKET_GID=$(stat -c '%g' /var/run/docker.sock) \ + && if [ "$(cat /etc/group | grep :${SOCKET_GID}:)" = "" ]; then \ + groupadd --gid ${SOCKET_GID} docker-host; \ + fi \ + && if [ "$(id ${NONROOT_USER} | grep -E 'groups=.+\${SOCKET_GID}\(')" = "" ]; then \ + usermod -aG ${SOCKET_GID} ${NONROOT_USER}; + fi + ``` + +#### Final fallback: socat + +However, if the host's socket is owned by the root user and root group (`root` `root`), you'll need to either change the group on the socket on the host or use `socat` to proxy the Docker socket without affecting its permissions. The `socat` option can be safer than updating the permissions of the host socket itself since this would apply to all containers. You can also alias `docker` to be `sudo docker` in a `.bashrc` file, but this does not work in cases where the Docker socket is accessed directly. Follow these directions to set up non-root access using `socat`: @@ -109,11 +145,17 @@ That's it! ## Using bind mounts when working with Docker inside the container -A common question that comes up is how you can use `bind` mounts from the Docker CLI from within the Codespace itself (e.g. via `-v`). The trick is that, since you're acutally using Docker sitting outside of the container, the paths will be different than those in the container. You need to use the **host**'s paths instead. A simple way to do this is to put `${localWorkspaceFolder}` in an environment variable that you then use when doing bind mounts inside the container. +> **Note:** Currently it is not possible to easily access container contents outside of the workspace folder when using this approach. You can, however, access workspace folder contents. + +In some cases, you may want to be able to mount the local workspace folder into a container you create while running from inside the dev container (e.g. using `-v` from the Docker CLI). The issue is that, with "Docker from Docker", containers are always created on the host. So, when you bind mount a folder into any container, you'll need to use the **host**'s paths. + +In GitHub Codespaces, the workspace folder is **available in the same place on the host as it is in the container,** so you can bind workspace contents as you would normally. + +However, for Remote - Containers, this is typically not the case. A simple way to work around this is to put `${localWorkspaceFolder}` in an environment variable that you then use when doing bind mounts inside the container. Add the following to `devcontainer.json`: -``` +```json "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" } ``` diff --git a/containers/dotnetcore-fsharp/.devcontainer/devcontainer.json b/containers/dotnetcore-fsharp/.devcontainer/devcontainer.json index 212aeba8..b44a2dde 100644 --- a/containers/dotnetcore-fsharp/.devcontainer/devcontainer.json +++ b/containers/dotnetcore-fsharp/.devcontainer/devcontainer.json @@ -24,7 +24,7 @@ "extensions": [ "Ionide.Ionide-fsharp", "ms-dotnettools.csharp" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -32,6 +32,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "dotnet restore", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/dotnetcore/.devcontainer/devcontainer.json b/containers/dotnetcore/.devcontainer/devcontainer.json index 7d6e4ee6..ed61090f 100644 --- a/containers/dotnetcore/.devcontainer/devcontainer.json +++ b/containers/dotnetcore/.devcontainer/devcontainer.json @@ -20,7 +20,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-dotnettools.csharp" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [5000, 5001], @@ -51,6 +51,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "dotnet restore", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/elm/.devcontainer/devcontainer.json b/containers/elm/.devcontainer/devcontainer.json index b7c93d6d..bd5ca952 100644 --- a/containers/elm/.devcontainer/devcontainer.json +++ b/containers/elm/.devcontainer/devcontainer.json @@ -10,7 +10,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "Elmtooling.elm-ls-vscode" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // 8000 is the default port used for the `elm reactor` command @@ -19,6 +19,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "elm make", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } diff --git a/containers/go/.devcontainer/devcontainer.json b/containers/go/.devcontainer/devcontainer.json index 9b0104d3..1460ad7e 100644 --- a/containers/go/.devcontainer/devcontainer.json +++ b/containers/go/.devcontainer/devcontainer.json @@ -25,7 +25,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "golang.Go" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -33,6 +33,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "go version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/hugo/.devcontainer/devcontainer.json b/containers/hugo/.devcontainer/devcontainer.json index 299c6458..5ffdd019 100644 --- a/containers/hugo/.devcontainer/devcontainer.json +++ b/containers/hugo/.devcontainer/devcontainer.json @@ -13,25 +13,26 @@ "VERSION": "latest", } }, + // Set *default* container specific settings.json values on container create. "settings": { "terminal.integrated.shell.linux": "/bin/zsh" }, + // Add the IDs of extensions you want installed when the container is created. "extensions": [ "bungcip.better-toml", "davidanson.vscode-markdownlint" ], + // Use 'forwardPorts' to make a list of ports inside the container available locally. "forwardPorts": [ 1313 ], + // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "uname -a", - // Uncomment to use Docker from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker. - // "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ], - // Uncomment when using a ptrace-based debugger like C++, Go, and Rust - // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - "remoteUser": "vscode" + + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } \ No newline at end of file diff --git a/containers/java-8/.devcontainer/devcontainer.json b/containers/java-8/.devcontainer/devcontainer.json index 3a97783d..f965e11a 100644 --- a/containers/java-8/.devcontainer/devcontainer.json +++ b/containers/java-8/.devcontainer/devcontainer.json @@ -25,7 +25,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "vscjava.vscode-java-pack" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -33,6 +33,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "java -version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/java/.devcontainer/devcontainer.json b/containers/java/.devcontainer/devcontainer.json index adcb79b0..0295f081 100644 --- a/containers/java/.devcontainer/devcontainer.json +++ b/containers/java/.devcontainer/devcontainer.json @@ -22,7 +22,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "vscjava.vscode-java-pack" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -30,6 +30,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "java -version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/javascript-node-mongo/.devcontainer/devcontainer.json b/containers/javascript-node-mongo/.devcontainer/devcontainer.json index 8af1beec..2c33a5e4 100644 --- a/containers/javascript-node-mongo/.devcontainer/devcontainer.json +++ b/containers/javascript-node-mongo/.devcontainer/devcontainer.json @@ -14,7 +14,7 @@ "extensions": [ "dbaeumer.vscode-eslint", "mongodb.mongodb-vscode" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [3000, 27017], @@ -22,6 +22,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "yarn install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } \ No newline at end of file diff --git a/containers/javascript-node-postgres/.devcontainer/devcontainer.json b/containers/javascript-node-postgres/.devcontainer/devcontainer.json index e22f1895..adf7900e 100644 --- a/containers/javascript-node-postgres/.devcontainer/devcontainer.json +++ b/containers/javascript-node-postgres/.devcontainer/devcontainer.json @@ -25,7 +25,7 @@ "dbaeumer.vscode-eslint", "mtxr.sqltools", "mtxr.sqltools-driver-pg" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [3000, 5432], @@ -33,6 +33,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "yarn install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } diff --git a/containers/javascript-node/.devcontainer/devcontainer.json b/containers/javascript-node/.devcontainer/devcontainer.json index b57bf42c..af2ee4ba 100644 --- a/containers/javascript-node/.devcontainer/devcontainer.json +++ b/containers/javascript-node/.devcontainer/devcontainer.json @@ -14,7 +14,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "dbaeumer.vscode-eslint" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -22,6 +22,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "yarn install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } diff --git a/containers/jekyll/.devcontainer/devcontainer.json b/containers/jekyll/.devcontainer/devcontainer.json index ba1924e7..852bbe48 100644 --- a/containers/jekyll/.devcontainer/devcontainer.json +++ b/containers/jekyll/.devcontainer/devcontainer.json @@ -16,12 +16,11 @@ "extensions": [], // Use 'forwardPorts' to make a list of ports inside the container available locally. - "forwardPorts": [4000] + "forwardPorts": [4000], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "bundle install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/kubernetes-helm/README.md b/containers/kubernetes-helm/README.md index b423a7d2..f04204e4 100644 --- a/containers/kubernetes-helm/README.md +++ b/containers/kubernetes-helm/README.md @@ -8,7 +8,7 @@ |----------|-------| | *Contributors* | The VS Code team and Phetsinorath William | | *Definition type* | Dockerfile | -| *Works in Codespaces* | No | +| *Works in Codespaces* | Yes | | *Container host OS support* | Linux, macOS, Windows | | *Languages, platforms* | Any | @@ -18,7 +18,7 @@ Dev containers can be useful for all types of applications including those that This example illustrates how you can do this by using CLIs ([kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), [Helm](https://helm.sh), Docker), the [Kubernetes extension](https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools), and the [Docker extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker) right from inside your dev container. This definition builds up from the [docker-from-docker](../docker-from-docker) container definition to add Kubernetes and Helm support. It installs the Docker and Kubernetes extensions inside the container so you can use its full feature set with your project. -The dev container also syncs your local Kubernetes config (`~/.kube/config` or `%USERPROFILE%\.kube\config`) into the container with the necessary modifications to allow it to interact with anything running on your local machine whenever the container or a terminal window is started. This includes interacting with a Kubernetes cluster managed through Docker Desktop or a local Minikube install. +When using Remote - Containers, the dev container also syncs your local Kubernetes config (`~/.kube/config` or `%USERPROFILE%\.kube\config`) into the container with the necessary modifications to allow it to interact with anything running on your local machine whenever the container or a terminal window is started. This includes interacting with a Kubernetes cluster managed through Docker Desktop or a local Minikube install. (Note that this does **not** happen when using **GitHub Codespaces**.) ## How it works / adapting your existing dev container config @@ -74,7 +74,7 @@ You can adapt your own existing development container Dockerfile to support this RUN curl -s https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash - ``` -3. Finally, we need to automatically swap out `localhost` for `host.docker.internal` in the container's copy of the Kubernetes config and (optionally) Minikube certificates. Manually copy the [`copy-kube-config.sh` script](.devcontainer/copy-kube-config.sh) from the `.devcontainer` folder in this repo folder into the same folder as your `Dockerfile` and then update your `Dockerfile` to use it from your `/root/.bashrc` and/or `/root/.zshrc`. +3. Finally, we need to automatically swap out `localhost` for `host.docker.internal` in the container's copy of the Kubernetes config and (optionally) Minikube certificates. Manually copy the [`copy-kube-config.sh` script](.devcontainer/copy-kube-config.sh) from the `.devcontainer` folder in this repo folder into the same folder as your `Dockerfile` and then update your `Dockerfile` to use it from your `/root/.bashrc` and/or `/root/.zshrc`. ```Dockerfile COPY copy-kube-config.sh /usr/local/share/ @@ -83,9 +83,43 @@ You can adapt your own existing development container Dockerfile to support this 4. Press F1 and run **Remote-Containers: Rebuild Container** so the changes take effect. -### Enabling non-root access in the container +### Enabling non-root access to Docker in the container -To enable non-root access, you can use `socat` to proxy the Docker socket without affecting its permissions. This is safer than updating the permissions of the host socket itself since this would apply to all containers. You then also need to copy the `.bashrc` script into the non-root user's home folder as well. +This can be a bit trickier than it might first seem if you're looking to ensure things run locally on macOS, Windows, and Linux as well as in Codespaces. The **[docker script](../../script-library/docs/docker.md)** used in this container **automatically detects the right thing** to do to enable this scenario, but it uses the following two approaches to accomplish it. + +In short, you can ignore this if you use the script, but here's what it does. + +#### Adding the user to a Docker group + +In some environments like Codespaces, this is relatively simple to achieve if the Docker socket already has a group other than root on it. To see if this is the case, open a terminal in VS Code when connected to the container to check: + +```bash +stat -c '%g' /var/run/docker.sock +``` + +If you get a number other than `0`, you can simply add your non-root user to right user group. To do so: + +1. As before, follow [the instructions in the Remote - Containers documentation](https://aka.ms/vscode-remote/containers/non-root) to create a non-root user with sudo access if you do not already have one. + +2. Follow the [directions in the previous section](#enabling-root-user-access-to-docker-in-the-container) to install the Docker CLI. + +3. Update your Dockerfile as follows to create a group with the right group ID and be sure the user is in it: + + ```Dockerfile + ARG NONROOT_USER=vscode + + RUN export SOCKET_GID=$(stat -c '%g' /var/run/docker.sock) \ + && if [ "$(cat /etc/group | grep :${SOCKET_GID}:)" = "" ]; then \ + groupadd --gid ${SOCKET_GID} docker-host; \ + fi \ + && if [ "$(id ${NONROOT_USER} | grep -E 'groups=.+\${SOCKET_GID}\(')" = "" ]; then \ + usermod -aG ${SOCKET_GID} ${NONROOT_USER}; + fi + ``` + +#### Final fallback: socat + +However, if the host's socket is owned by the root user and root group (`root` `root`), you'll need to either change the group on the socket on the host or use `socat` to proxy the Docker socket without affecting its permissions. The `socat` option can be safer than updating the permissions of the host socket itself since this would apply to all containers. You can also alias `docker` to be `sudo docker` in a `.bashrc` file, but this does not work in cases where the Docker socket is accessed directly. Follow these directions to set up non-root access using `socat`: diff --git a/containers/markdown/.devcontainer/devcontainer.json b/containers/markdown/.devcontainer/devcontainer.json index df61c7f6..3e362ec4 100644 --- a/containers/markdown/.devcontainer/devcontainer.json +++ b/containers/markdown/.devcontainer/devcontainer.json @@ -14,7 +14,7 @@ "DavidAnson.vscode-markdownlint", "shd101wyy.markdown-preview-enhanced", "bierner.github-markdown-preview" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -22,6 +22,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "uname -a", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/perl/.devcontainer/devcontainer.json b/containers/perl/.devcontainer/devcontainer.json index 7bad5e44..340a76b5 100644 --- a/containers/perl/.devcontainer/devcontainer.json +++ b/containers/perl/.devcontainer/devcontainer.json @@ -16,14 +16,14 @@ "extensions": [ "mortenhenriksen.perl-debug", "d9705996.perl-toolbox" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "perl -v", - - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/php-mariadb/.devcontainer/devcontainer.json b/containers/php-mariadb/.devcontainer/devcontainer.json index 92384e9f..373d160b 100644 --- a/containers/php-mariadb/.devcontainer/devcontainer.json +++ b/containers/php-mariadb/.devcontainer/devcontainer.json @@ -30,11 +30,11 @@ ], // For use with PHP or Apache (e.g.php -S localhost:8080 or apache2ctl start) - "forwardPorts": [8080, 3306] + "forwardPorts": [8080, 3306], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "sudo chmod a+x \"$(pwd)\" && sudo rm -rf /var/www/html && sudo ln -s \"$(pwd)\" /var/www/html" - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/php/.devcontainer/devcontainer.json b/containers/php/.devcontainer/devcontainer.json index 01c7e037..88867032 100644 --- a/containers/php/.devcontainer/devcontainer.json +++ b/containers/php/.devcontainer/devcontainer.json @@ -23,11 +23,11 @@ ], // Use 'forwardPorts' to make a list of ports inside the container available locally. - "forwardPorts": [8080] + "forwardPorts": [8080], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "sudo chmod a+x \"$(pwd)\" && sudo rm -rf /var/www/html && sudo ln -s \"$(pwd)\" /var/www/html" - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/powershell/.devcontainer/devcontainer.json b/containers/powershell/.devcontainer/devcontainer.json index 79e65685..73ccd5e0 100644 --- a/containers/powershell/.devcontainer/devcontainer.json +++ b/containers/powershell/.devcontainer/devcontainer.json @@ -10,7 +10,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-vscode.powershell" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -18,6 +18,6 @@ // Uncomment the next line to run commands after the container is created. This gets run in bash which is why we call `pwsh`. // "postCreateCommand": "pwsh -c '$PSVersionTable'", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/python-3-anaconda/.devcontainer/devcontainer.json b/containers/python-3-anaconda/.devcontainer/devcontainer.json index efdb40fd..5db57704 100644 --- a/containers/python-3-anaconda/.devcontainer/devcontainer.json +++ b/containers/python-3-anaconda/.devcontainer/devcontainer.json @@ -26,7 +26,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-python.python" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -34,6 +34,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "python --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/python-3-device-simulator-express/.devcontainer/devcontainer.json b/containers/python-3-device-simulator-express/.devcontainer/devcontainer.json index f18dd96f..d22da67e 100644 --- a/containers/python-3-device-simulator-express/.devcontainer/devcontainer.json +++ b/containers/python-3-device-simulator-express/.devcontainer/devcontainer.json @@ -29,13 +29,13 @@ "extensions": [ "ms-python.python", "ms-python.devicesimulatorexpress" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "pip3 install --user -r requirements.txt", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/python-3-miniconda/.devcontainer/devcontainer.json b/containers/python-3-miniconda/.devcontainer/devcontainer.json index 2d2d6a38..a89a9649 100644 --- a/containers/python-3-miniconda/.devcontainer/devcontainer.json +++ b/containers/python-3-miniconda/.devcontainer/devcontainer.json @@ -29,7 +29,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-python.python" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -37,6 +37,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "python --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/python-3-postgres/.devcontainer/devcontainer.json b/containers/python-3-postgres/.devcontainer/devcontainer.json index 92201458..96a9a33d 100644 --- a/containers/python-3-postgres/.devcontainer/devcontainer.json +++ b/containers/python-3-postgres/.devcontainer/devcontainer.json @@ -38,7 +38,7 @@ "ms-python.python", "mtxr.sqltools", "mtxr.sqltools-driver-pg" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [5000, 5432], @@ -46,6 +46,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "pip install --user -r requirements.txt", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/python-3/.devcontainer/devcontainer.json b/containers/python-3/.devcontainer/devcontainer.json index 5662abae..2883d912 100644 --- a/containers/python-3/.devcontainer/devcontainer.json +++ b/containers/python-3/.devcontainer/devcontainer.json @@ -32,7 +32,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-python.python" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -40,6 +40,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "pip3 install --user -r requirements.txt", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/r/.devcontainer/devcontainer.json b/containers/r/.devcontainer/devcontainer.json index 2c17b514..1c00c78b 100644 --- a/containers/r/.devcontainer/devcontainer.json +++ b/containers/r/.devcontainer/devcontainer.json @@ -13,7 +13,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ikuyadeu.r" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -21,6 +21,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "R --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "docker" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/reasonml/.devcontainer/devcontainer.json b/containers/reasonml/.devcontainer/devcontainer.json index 57b4c6b8..e623ab7c 100644 --- a/containers/reasonml/.devcontainer/devcontainer.json +++ b/containers/reasonml/.devcontainer/devcontainer.json @@ -10,7 +10,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "jaredly.reason-vscode" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -18,6 +18,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "yarn install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/ruby-rails/.devcontainer/devcontainer.json b/containers/ruby-rails/.devcontainer/devcontainer.json index b2b08e85..29756cb0 100644 --- a/containers/ruby-rails/.devcontainer/devcontainer.json +++ b/containers/ruby-rails/.devcontainer/devcontainer.json @@ -17,7 +17,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "rebornix.Ruby" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -25,7 +25,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "ruby --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" - + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/ruby-sinatra/.devcontainer/devcontainer.json b/containers/ruby-sinatra/.devcontainer/devcontainer.json index a2e2adce..49651167 100644 --- a/containers/ruby-sinatra/.devcontainer/devcontainer.json +++ b/containers/ruby-sinatra/.devcontainer/devcontainer.json @@ -17,7 +17,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "rebornix.Ruby" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [4567], @@ -25,6 +25,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/ruby/.devcontainer/devcontainer.json b/containers/ruby/.devcontainer/devcontainer.json index bf8ea264..1fe8ecad 100644 --- a/containers/ruby/.devcontainer/devcontainer.json +++ b/containers/ruby/.devcontainer/devcontainer.json @@ -19,7 +19,7 @@ // Add the IDs of extensions you want installed when the container is created. "extensions": [ "rebornix.Ruby" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -27,7 +27,7 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "ruby --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/rust/.devcontainer/devcontainer.json b/containers/rust/.devcontainer/devcontainer.json index edce97ae..8d5a02a3 100644 --- a/containers/rust/.devcontainer/devcontainer.json +++ b/containers/rust/.devcontainer/devcontainer.json @@ -21,7 +21,7 @@ "bungcip.better-toml", "vadimcn.vscode-lldb", "mutantdino.resourcemonitor" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -29,6 +29,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "rustc --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } diff --git a/containers/swift/.devcontainer/devcontainer.json b/containers/swift/.devcontainer/devcontainer.json index d59416ea..96677825 100644 --- a/containers/swift/.devcontainer/devcontainer.json +++ b/containers/swift/.devcontainer/devcontainer.json @@ -29,7 +29,7 @@ "extensions": [ "vknabel.vscode-swift-development-environment", "vadimcn.vscode-lldb" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -37,6 +37,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "swiftc --version", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/typescript-node/.devcontainer/devcontainer.json b/containers/typescript-node/.devcontainer/devcontainer.json index 878a8f6e..ab4b91e9 100644 --- a/containers/typescript-node/.devcontainer/devcontainer.json +++ b/containers/typescript-node/.devcontainer/devcontainer.json @@ -15,7 +15,7 @@ "extensions": [ "dbaeumer.vscode-eslint", "ms-vscode.vscode-typescript-tslint-plugin" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -23,6 +23,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "yarn install", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } \ No newline at end of file diff --git a/containers/ubuntu/.devcontainer/devcontainer.json b/containers/ubuntu/.devcontainer/devcontainer.json index 975d1507..6a4224e9 100644 --- a/containers/ubuntu/.devcontainer/devcontainer.json +++ b/containers/ubuntu/.devcontainer/devcontainer.json @@ -12,7 +12,7 @@ }, // Add the IDs of extensions you want installed when the container is created. - "extensions": [] + "extensions": [], // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], @@ -20,6 +20,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "uname -a", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "vscode" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" } \ No newline at end of file diff --git a/containers/vue/.devcontainer/devcontainer.json b/containers/vue/.devcontainer/devcontainer.json index 16f16c7d..2add4754 100644 --- a/containers/vue/.devcontainer/devcontainer.json +++ b/containers/vue/.devcontainer/devcontainer.json @@ -26,6 +26,6 @@ // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "uname -a", - // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "node" + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node" } \ No newline at end of file