Dev container and SELinux

ndlarsen · November 9, 2025, 8:27am

After creating a new project + dev container using VSCode on a Fedora 43 system, I have observed what appears to be permission related issues.

Now, I am not entirely convinced if this is an actual bug nor if it is, which product the bug is caused by. For all I know it might be either or both.

Is this known or expected behavior? If it is, is ther a setting I need to change to allow this? Is there some information I should redirect to the team maintaining the vscode-remote-release project?

VSCode Version:

Version: 1.105.1
Commit: 7d842fb85a0275a4a8e4d7e040d2625abbf7f084
Date: 2025-10-14T22:33:36.618Z
Electron: 37.6.0
ElectronBuildId: 12502201
Chromium: 138.0.7204.251
Node.js: 22.19.0
V8: 13.8.258.32-electron.0
OS: Linux x64 6.17.5-300.fc43.x86_64
1.105.1
7d842fb85a0275a4a8e4d7e040d2625abbf7f084
x64

Local OS Version: Fedora 43 (freshly installed 42 and upgraded to 43)

$ uname -a
Linux laptop 6.17.5-300.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Oct 23 15:35:13 UTC 2025 x86_64 GNU/  Linux

$ cat /etc/os-release 
NAME="Fedora Linux"
VERSION="43 (Workstation Edition)"
RELEASE_TYPE=stable
ID=fedora
VERSION_ID=43
VERSION_CODENAME=""
PRETTY_NAME="Fedora Linux 43 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:43"
DEFAULT_HOSTNAME="fedora"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f43/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=43
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=43
SUPPORT_END=2026-12-02
VARIANT="Workstation Edition"
VARIANT_ID=workstation

$ sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      35

Remote OS Version: "image": "mcr.microsoft.com/devcontainers/python:2-3.12-bullseye"
Remote Extension/Connection Type: Dev Containers
Logs: see below

Steps to Reproduce:

create new, empty project
add main.py with content (just to rule out the cause being an empty source directory):
```
if __name__ == "__main__":
 print("main called")
```
add default dev container based on mcr.microsoft.com/devcontainers/python:2-3.12-bullseye
build dev container
when build succeeds observe empty workspace in file explorer

execute :

 vscode ➜ /workspaces/testQwe $ python main.py
 python: can't open file '/workspaces/testQwe/main.py': [Errno 13] Permission denied
 vscode ➜ /workspaces/testQwe $ ls
 ls: cannot open directory '.': Permission denied

close remote connection
temporarily disable SELinux by

$ sudo setenforce 0

Rebuild dev container
observe populated file explorer and successful re-execution of step 6.

Does this issue occur when you try this locally?: No
Does this issue occur when you try this locally and all extensions are disabled?: No

Dev container build log:

Bug report:

github.com/microsoft/vscode-remote-release

Dev containers: permission issues on Fedora 43 using SELinux

opened 10:21AM - 30 Oct 25 UTC

ndlarsen

containers info-needed

After creating a new project + dev container on a Fedora 43 system, I have obser…ved what appears to be permission related issues. Now, I am not entirely convinced that the cause is to be found in the dev containers related functionality, for all I know it might be caused by Fedora Linux. - VSCode Version: ```shell Version: 1.105.1 Commit: 7d842fb85a0275a4a8e4d7e040d2625abbf7f084 Date: 2025-10-14T22:33:36.618Z Electron: 37.6.0 ElectronBuildId: 12502201 Chromium: 138.0.7204.251 Node.js: 22.19.0 V8: 13.8.258.32-electron.0 OS: Linux x64 6.17.5-300.fc43.x86_64 1.105.1 7d842fb85a0275a4a8e4d7e040d2625abbf7f084 x64 ``` - Local OS Version: Fedora 43 (freshly installed 42 and upgraded to 43) ``` $ uname -a Linux laptop 6.17.5-300.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Oct 23 15:35:13 UTC 2025 x86_64 GNU/ Linux ``` ``` $ cat /etc/os-release NAME="Fedora Linux" VERSION="43 (Workstation Edition)" RELEASE_TYPE=stable ID=fedora VERSION_ID=43 VERSION_CODENAME="" PRETTY_NAME="Fedora Linux 43 (Workstation Edition)" ANSI_COLOR="0;38;2;60;110;180" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:43" DEFAULT_HOSTNAME="fedora" HOME_URL="https://fedoraproject.org/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f43/" SUPPORT_URL="https://ask.fedoraproject.org/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=43 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=43 SUPPORT_END=2026-12-02 VARIANT="Workstation Edition" VARIANT_ID=workstation ``` ``` $ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 35 ``` - Remote OS Version: `"image": "mcr.microsoft.com/devcontainers/python:2-3.12-bullseye"` - Remote Extension/Connection Type: Dev Containers - Logs: see below Steps to Reproduce: 1. create new, empty project 2. add `main.py` with content (just to rule out the cause being an empty source directory): ```python if __name__ == "__main__": print("main called") ``` 3. add default dev container based on `mcr.microsoft.com/devcontainers/python:2-3.12-bullseye` 4. build dev container 5. when build succeeds observe empty workspace in file explorer 6. execute : ```shell vscode ➜ /workspaces/testQwe $ python main.py python: can't open file '/workspaces/testQwe/main.py': [Errno 13] Permission denied vscode ➜ /workspaces/testQwe $ ls ls: cannot open directory '.': Permission denied ``` 7. close remote connection 8. temporarily disable SELinux by ``` $ sudo setenforce 0 ``` 9. Rebuild dev container 10. observe populated file explorer and successful re-execution of step 6. Does this issue occur when you try this locally?: No Does this issue occur when you try this locally and all extensions are disabled?: No Dev container build log: ``` [28 ms] Dev Containers 0.427.0 in VS Code 1.105.1 (7d842fb85a0275a4a8e4d7e040d2625abbf7f084). [28 ms] Start: Resolving Remote [40 ms] Setting up container for folder or workspace: /home/ndlarsen/src/testQwe [74 ms] Start: Check Docker is running [75 ms] Start: Run: docker version [97 ms] Client: Version: 28.5.1 API version: 1.51 Go version: go1.25.1 X:nodwarf5 Git commit: 2.fc43 Built: Thu Oct 9 00:00:00 2025 OS/Arch: linux/amd64 [98 ms] Context: default Server: Engine: Version: 28.5.1 API version: 1.51 (minimum version 1.24) Go version: go1.25.1 X:nodwarf5 Git commit: 2.fc43 Built: Thu Oct 9 00:00:00 2025 OS/Arch: linux/amd64 Experimental: false containerd: Version: 2.1.4 GitCommit: 4.fc43 runc: Version: 1.3.2 GitCommit: tini-static: Version: 0.19.0 GitCommit: [100 ms] Start: Run: docker volume ls -q [117 ms] Start: Run: docker ps -q -a --filter label=vsch.local.folder=/home/ndlarsen/src/testQwe --filter label=vsch.quality=stable [135 ms] Start: Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/ndlarsen/src/testQwe --filter label=devcontainer.config_file=/home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json [153 ms] Start: Run: docker inspect --type container de4f051bf551 [173 ms] Running Dev Containers CLI: up --user-data-folder /home/ndlarsen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --container-session-data-folder /tmp/devcontainers-1e96a59f-3628-42bf-9115-8345a9f107f71761818806884 --workspace-folder /home/ndlarsen/src/testQwe --workspace-mount-consistency cached --gpu-availability detect --id-label devcontainer.local_folder=/home/ndlarsen/src/testQwe --id-label devcontainer.config_file=/home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json --log-level debug --log-format json --config /home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --build-no-cache --remove-existing-container --mount type=volume,source=vscode,target=/vscode,external=true --mount type=bind,source=/run/user/1000/wayland-0,target=/tmp/vscode-wayland-e5147fa2-4b5d-4491-bf70-2304b572f848.sock --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root --include-configuration --include-merged-configuration [173 ms] Start: Run: /usr/share/code/code /home/ndlarsen/.vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /home/ndlarsen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --container-session-data-folder /tmp/devcontainers-1e96a59f-3628-42bf-9115-8345a9f107f71761818806884 --workspace-folder /home/ndlarsen/src/testQwe --workspace-mount-consistency cached --gpu-availability detect --id-label devcontainer.local_folder=/home/ndlarsen/src/testQwe --id-label devcontainer.config_file=/home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json --log-level debug --log-format json --config /home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --build-no-cache --remove-existing-container --mount type=volume,source=vscode,target=/vscode,external=true --mount type=bind,source=/run/user/1000/wayland-0,target=/tmp/vscode-wayland-e5147fa2-4b5d-4491-bf70-2304b572f848.sock --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root --include-configuration --include-merged-configuration [335 ms] @devcontainers/cli 0.80.1. Node.js v22.19.0. linux 6.17.5-300.fc43.x86_64 x64. [335 ms] Start: Run: docker buildx version [396 ms] github.com/docker/buildx 0.29.1 1.fc43 [396 ms] [396 ms] Start: Run: docker -v [412 ms] Start: Resolving Remote [414 ms] Start: Run: git rev-parse --show-cdup [421 ms] Loading 147 extra certificates from /etc/ssl/certs/ca-certificates.crt. [520 ms] Start: Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/ndlarsen/src/testQwe --filter label=devcontainer.config_file=/home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json [540 ms] Start: Run: docker inspect --type container de4f051bf551 [555 ms] Start: Removing Existing Container [555 ms] Start: Run: docker rm -f de4f051bf551ec03ad2cb5489401a49b013a7c4af1789480bbef7659cc30b796 [947 ms] Start: Run: docker inspect --type image mcr.microsoft.com/devcontainers/python:2-3.12-bullseye [2005 ms] Start: Run: docker build -f /tmp/devcontainercli-ndlarsen/updateUID.Dockerfile-0.80.1 -t vsc-testqwe-ddb40d99d431127e836bb5f12afa0ec2d0d694087eb5b820b3c1a6d595557844-uid --platform linux/amd64 --build-arg BASE_IMAGE=mcr.microsoft.com/devcontainers/python:2-3.12-bullseye --build-arg REMOTE_USER=vscode --build-arg NEW_UID=1000 --build-arg NEW_GID=1000 --build-arg IMAGE_USER=root /home/ndlarsen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/empty-folder [+] Building 0.3s (6/6) FINISHED docker:default => [internal] load build definition from updateUID.Dockerfile-0.80.1 0.0s => => transferring dockerfile: 1.42kB 0.0s => WARN: InvalidDefaultArgInFrom: Default value for ARG $BASE_IMAGE resu 0.0s => [internal] load metadata for mcr.microsoft.com/devcontainers/python:2 0.2s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [1/2] FROM mcr.microsoft.com/devcontainers/python:2-3.12-bullseye@sha 0.0s => CACHED [2/2] RUN eval $(sed -n "s/vscode:[^:]*:$[^:]*$:$[^:]*$:[^ 0.0s => exporting to image 0.0s => => exporting layers 0.0s => => writing image sha256:4480b7e421bcbbf76cf9d7d6fc4d3118463e612220e2c 0.0s => => naming to docker.io/library/vsc-testqwe-ddb40d99d431127e836bb5f12a 0.0s 1 warning found (use docker --debug to expand): - InvalidDefaultArgInFrom: Default value for ARG $BASE_IMAGE results in empty or invalid base image name (line 2) [2396 ms] Start: Run: docker events --format {{json .}} --filter event=start [2400 ms] Start: Starting container [2400 ms] Start: Run: docker run --sig-proxy=false -a STDOUT -a STDERR --mount type=bind,source=/home/ndlarsen/src/testQwe,target=/workspaces/testQwe --mount type=volume,src=vscode,dst=/vscode --mount type=bind,src=/run/user/1000/wayland-0,dst=/tmp/vscode-wayland-e5147fa2-4b5d-4491-bf70-2304b572f848.sock -l devcontainer.local_folder=/home/ndlarsen/src/testQwe -l devcontainer.config_file=/home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json --entrypoint /bin/sh -l devcontainer.metadata=[{"id":"ghcr.io/devcontainers/features/common-utils:2"},{"id":"ghcr.io/devcontainers/features/git:1","customizations":{"vscode":{"settings":{"github.copilot.chat.codeGeneration.instructions":[{"text":"This dev container includes an up-to-date version of Git, built from source as needed, pre-installed and available on the `PATH`."}]}}}},{"id":"ghcr.io/devcontainers/features/node:1","customizations":{"vscode":{"extensions":["dbaeumer.vscode-eslint"],"settings":{"github.copilot.chat.codeGeneration.instructions":[{"text":"This dev container includes `node`, `npm` and `eslint` pre-installed and available on the `PATH` for Node.js and JavaScript development."}]}}}},{"id":"ghcr.io/devcontainers/features/python:1","customizations":{"vscode":{"extensions":["ms-python.python","ms-python.vscode-pylance","ms-python.autopep8"],"settings":{"github.copilot.chat.codeGeneration.instructions":[{"text":"This dev container includes `python3` and `pip3` pre-installed and available on the `PATH`, along with the Python language extensions for Python development."}],"python.defaultInterpreterPath":"/usr/local/python/current/bin/python","[python]":{"editor.defaultFormatter":"ms-python.autopep8"}}}}},{"customizations":{"vscode":{"settings":{"python.defaultInterpreterPath":"/usr/local/bin/python"}}},"remoteUser":"vscode"}] vsc-testqwe-ddb40d99d431127e836bb5f12afa0ec2d0d694087eb5b820b3c1a6d595557844-uid -c echo Container started Container started [2708 ms] Start: Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/ndlarsen/src/testQwe --filter label=devcontainer.config_file=/home/ndlarsen/src/testQwe/.devcontainer/devcontainer.json [2724 ms] Start: Run: docker inspect --type container c338be83ac7c [2741 ms] Start: Inspecting container [2741 ms] Start: Run: docker inspect --type container c338be83ac7c495624cf1663be9a8ab11eb110d4e9a31a9089b3bdf836351446 [2760 ms] Start: Run in container: /bin/sh [2763 ms] Start: Run in container: uname -m [2822 ms] x86_64 [2822 ms] [2822 ms] Start: Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null [2823 ms] PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" [2823 ms] [2823 ms] Start: Run in container: (command -v getent >/dev/null 2>&1 && getent passwd 'vscode' || grep -E '^vscode|^[^:]*:[^:]*:vscode:' /etc/passwd || true) [2825 ms] Start: Run in container: test -f '/var/devcontainer/.patchEtcEnvironmentMarker' [2826 ms] [2826 ms] [2826 ms] Exit code 1 [2826 ms] Start: Run in container: /bin/sh [2830 ms] Start: Run in container: test ! -f '/var/devcontainer/.patchEtcEnvironmentMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcEnvironmentMarker' ; } 2> /dev/null [2890 ms] [2890 ms] [2890 ms] Start: Run in container: cat >> /etc/environment <<'etcEnvironmentEOF' [2893 ms] [2893 ms] [2893 ms] Start: Run in container: test -f '/var/devcontainer/.patchEtcProfileMarker' [2894 ms] [2894 ms] [2894 ms] Exit code 1 [2894 ms] Start: Run in container: test ! -f '/var/devcontainer/.patchEtcProfileMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcProfileMarker' ; } 2> /dev/null [2895 ms] [2895 ms] [2895 ms] Start: Run in container: sed -i -E 's/((^|\s)PATH=)([^\$]*)$/\1${PATH:-\3}/g' /etc/profile || true [2898 ms] [2898 ms] [2904 ms] Start: Run: docker inspect --type container c338be83ac7c495624cf1663be9a8ab11eb110d4e9a31a9089b3bdf836351446 [2923 ms] Start: Run: docker exec -i -u root c338be83ac7c495624cf1663be9a8ab11eb110d4e9a31a9089b3bdf836351446 /bin/sh -c echo "New container started. Keep-alive process started." ; export VSCODE_REMOTE_CONTAINERS_SESSION=1e96a59f-3628-42bf-9115-8345a9f107f71761818806884 ; /bin/sh [2924 ms] Start: Inspecting container [2924 ms] Start: Run: docker inspect --type container c338be83ac7c495624cf1663be9a8ab11eb110d4e9a31a9089b3bdf836351446 [2947 ms] Start: Run in container: /bin/sh [2953 ms] Start: Run in container: uname -m [2981 ms] New container started. Keep-alive process started. [3003 ms] x86_64 [3003 ms] [3003 ms] Start: Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null [3005 ms] PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" [3005 ms] [3005 ms] Start: Run in container: (command -v getent >/dev/null 2>&1 && getent passwd 'vscode' || grep -E '^vscode|^[^:]*:[^:]*:vscode:' /etc/passwd || true) [3007 ms] safe.directory: Looking up root folder for workspace folder '/workspaces/testQwe'. [3008 ms] Start: Run in container: command -v git >/dev/null 2>&1 && ROOT_FOLDER="$(git -C '/workspaces/testQwe' rev-parse --show-toplevel)" && test "$(stat -c %u "$ROOT_FOLDER")" != "$(id -u)" && echo -n "$ROOT_FOLDER" [3010 ms] [3010 ms] fatal: not a git repository (or any parent up to mount point /workspaces) Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set). [3010 ms] Exit code 128 [3011 ms] safe.directory: Checking host ownership of root folder at mount point '/workspaces/testQwe' skipped. [3011 ms] Start: Updating configuration state [3013 ms] Start: Setup shutdown monitor [3014 ms] Forking shutdown monitor: /home/ndlarsen/.vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/shutdown/shutdownMonitorProcess /run/user/1000/vscode-remote-containers-734cc807-c086-4a7a-b7b8-dff2cde4f5e9.sock singleContainer Debug /home/ndlarsen/.config/Code/logs/20251030T104006/window1/exthost/ms-vscode-remote.remote-containers 1761818807575 [3020 ms] Start: Run in container: test -d '/home/vscode/.vscode-server' [3021 ms] [3021 ms] [3021 ms] Exit code 1 [3021 ms] Start: Run in container: test -d '/home/vscode/.vscode-remote' [3021 ms] [3021 ms] [3021 ms] Exit code 1 [3022 ms] Start: Run in container: test ! -f '/home/vscode/.vscode-server/data/Machine/.writeMachineSettingsMarker' && set -o noclobber && mkdir -p '/home/vscode/.vscode-server/data/Machine' && { > '/home/vscode/.vscode-server/data/Machine/.writeMachineSettingsMarker' ; } 2> /dev/null [3028 ms] [3028 ms] [3028 ms] Start: Run in container: test -f '/home/vscode/.vscode-server/data/Machine/settings.json' [3029 ms] [3029 ms] [3029 ms] Exit code 1 [3029 ms] Start: Run in container: which apt dpkg snap dnf yum rpm apk docker git gh kubectl podman curl wget ssh scp rsync gpg ps lsof netstat top tree find grep zip unzip tar gzip bzip2 xz || true [3033 ms] Start: Run in container: mkdir -p '/home/vscode/.vscode-server/data/Machine' && cat >'/home/vscode/.vscode-server/data/Machine/settings.json' <<'settingsJSON' [3036 ms] [3036 ms] [3037 ms] Start: Run in container: test ! -f '/home/vscode/.vscode-server/data/Machine/.writeMachineMCPConfigMarker' && set -o noclobber && mkdir -p '/home/vscode/.vscode-server/data/Machine' && { > '/home/vscode/.vscode-server/data/Machine/.writeMachineMCPConfigMarker' ; } 2> /dev/null [3040 ms] [3041 ms] [3041 ms] Start: Run in container: test -f '/home/vscode/.vscode-server/data/User/mcp.json' [3041 ms] [3041 ms] [3041 ms] Exit code 1 [3042 ms] Start: Run in container: test -d '/home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084' [3042 ms] [3042 ms] [3042 ms] Exit code 1 [3043 ms] Start: Run in container: test -d '/vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084' [3044 ms] [3044 ms] [3044 ms] Start: Run in container: mkdir -p '/home/vscode/.vscode-server/bin' && ln -snf '/vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084' '/home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084' [3047 ms] [3048 ms] [3048 ms] Start: Run in container: /bin/sh [3053 ms] Start: Run in container: test -x '/home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/bin/helpers/check-requirements.sh' [3053 ms] Start: Run in container: touch '/vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084' [3054 ms] [3054 ms] [3055 ms] Start: Run in container: '/home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/bin/helpers/check-requirements.sh' [3094 ms] [3095 ms] [3095 ms] Start: Launching Dev Containers helper. [3095 ms] ssh-agent: SSH_AUTH_SOCK in container (/tmp/vscode-ssh-auth-b4cca4fe-ca43-4a53-b647-23d7643895c0.sock) forwarded to local host (/run/user/1000/gcr/ssh). [3095 ms] Start: Run in container: test -e /tmp/.X11-unix/X0 [3096 ms] [3096 ms] [3096 ms] Exit code 1 [3096 ms] Start: Run in container: mkdir -p '/tmp/.X11-unix' [3098 ms] [3098 ms] [3098 ms] X11 forwarding: DISPLAY in container (:0) forwarded to local host (:0). [3099 ms] Start: Run in container: gpgconf --list-dirs [3101 ms] sysconfdir:/etc/gnupg bindir:/usr/bin libexecdir:/usr/lib/gnupg libdir:/usr/lib/x86_64-linux-gnu/gnupg datadir:/usr/share/gnupg localedir:/usr/share/locale socketdir:/home/vscode/.gnupg dirmngr-socket:/home/vscode/.gnupg/S.dirmngr agent-ssh-socket:/home/vscode/.gnupg/S.gpg-agent.ssh agent-extra-socket:/home/vscode/.gnupg/S.gpg-agent.extra agent-browser-socket:/home/vscode/.gnupg/S.gpg-agent.browser agent-socket:/home/vscode/.gnupg/S.gpg-agent homedir:/home/vscode/.gnupg [3101 ms] [3101 ms] Start: Run in container: ls '/home/vscode/.gnupg/private-keys-v1.d' 2>/dev/null [3103 ms] [3103 ms] [3103 ms] Exit code 2 [3104 ms] Start: Run: gpgconf --list-dirs [3109 ms] sysconfdir:/etc/gnupg bindir:/usr/bin libexecdir:/usr/libexec libdir:/usr/lib64/gnupg datadir:/usr/share/gnupg localedir:/usr/share/locale socketdir:/run/user/1000/gnupg dirmngr-socket:/run/user/1000/gnupg/S.dirmngr keyboxd-socket:/run/user/1000/gnupg/S.keyboxd agent-ssh-socket:/run/user/1000/gnupg/S.gpg-agent.ssh agent-extra-socket:/run/user/1000/gnupg/S.gpg-agent.extra agent-browser-socket:/run/user/1000/gnupg/S.gpg-agent.browser agent-socket:/run/user/1000/gnupg/S.gpg-agent homedir:/home/ndlarsen/.gnupg [3109 ms] [3109 ms] Start: Run in container: test -f '/home/vscode/.gnupg/pubring.kbx' [3110 ms] [3110 ms] [3110 ms] Exit code 1 [3110 ms] Start: Run in container: test -f '/home/vscode/.gnupg/pubring.gpg' [3111 ms] [3111 ms] [3111 ms] Exit code 1 [3111 ms] Start: Run in container: test -f '/home/vscode/.gnupg/trustdb.gpg' [3112 ms] [3112 ms] [3112 ms] Exit code 1 [3112 ms] Start: Run in container: mkdir -p -m 700 '/home/vscode/.gnupg' [3112 ms] gpg-agent: Socket in container (/home/vscode/.gnupg/S.gpg-agent) forwarded to local host (/run/user/1000/gnupg/S.gpg-agent.extra). [3114 ms] [3114 ms] [3114 ms] Start: Run in container: (command -v 'docker' || command -v 'oras' || command -v 'skopeo') >/dev/null 2>&1 [3115 ms] Start: Run: gpg-connect-agent updatestartuptty /bye [3119 ms] [3119 ms] [3119 ms] Exit code 127 [3120 ms] Start: Run in container: /bin/sh [3124 ms] userEnvProbe: loginInteractiveShell (default) [3124 ms] Start: Run in container: test -f '/tmp/devcontainers-1e96a59f-3628-42bf-9115-8345a9f107f71761818806884/env-loginInteractiveShell.json' [3125 ms] Start: Run in container: echo ~ [3125 ms] [3125 ms] [3125 ms] Exit code 1 [3126 ms] userEnvProbe: not found in cache [3126 ms] userEnvProbe shell: /bin/bash [3126 ms] [3126 ms] [3127 ms] Start: Run in container: # Test for /home/vscode/.ssh/known_hosts and ssh [3130 ms] [3130 ms] [3131 ms] Start: Run in container: # Copy /home/ndlarsen/.ssh/known_hosts to /home/vscode/.ssh/known_hosts [3134 ms] [3134 ms] [3134 ms] Start: Run in container: command -v git >/dev/null 2>&1 && git config --system --replace-all credential.helper '!f() { /home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/node /tmp/vscode-remote-containers-b4cca4fe-ca43-4a53-b647-23d7643895c0.js git-credential-helper $*; }; f' || true [3137 ms] [3137 ms] [3138 ms] Start: Run in container: for pid in `cd /proc && ls -d [0-9]*`; do { echo $pid ; readlink /proc/$pid/cwd || echo ; readlink /proc/$pid/ns/mnt || echo ; cat /proc/$pid/stat | tr " [3182 ms] Start: Run in container: cat '/home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/product.json' [3184 ms] Start: Run in container: cat '/home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084' 2>/dev/null || (umask 377 && echo '433d015e-39f9-41f6-8e1f-875189dc0020' >'/home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084-0c18e9a9-597d-431e-9f0e-0cad916f852a' && mv -n '/home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084-0c18e9a9-597d-431e-9f0e-0cad916f852a' '/home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084' && rm -f '/home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084-0c18e9a9-597d-431e-9f0e-0cad916f852a' && cat '/home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084') [3184 ms] /home/vscode [3184 ms] [3184 ms] Start: Run in container: cat <<'EOF-/tmp/vscode-remote-containers-b4cca4fe-ca43-4a53-b647-23d7643895c0.js' >/tmp/vscode-remote-containers-b4cca4fe-ca43-4a53-b647-23d7643895c0.js [3186 ms] [3186 ms] [3186 ms] Start: Run in container: cat <<'EOF-/tmp/vscode-remote-containers-server-b4cca4fe-ca43-4a53-b647-23d7643895c0.js' >/tmp/vscode-remote-containers-server-b4cca4fe-ca43-4a53-b647-23d7643895c0.js_1761818810761 [3189 ms] 433d015e-39f9-41f6-8e1f-875189dc0020 [3189 ms] [3190 ms] Start: Starting VS Code Server [3190 ms] Start: Preparing Extensions [3190 ms] Start: Run in container: test ! -f '/home/vscode/.vscode-server/data/Machine/.installExtensionsMarker' && set -o noclobber && mkdir -p '/home/vscode/.vscode-server/data/Machine' && { > '/home/vscode/.vscode-server/data/Machine/.installExtensionsMarker' ; } 2> /dev/null [3191 ms] [3191 ms] [3194 ms] [3194 ms] [3196 ms] Extensions cache, install extensions: dbaeumer.vscode-eslint, ms-python.python, ms-python.vscode-pylance, ms-python.autopep8 [3196 ms] Start: Run in container: test -d /home/vscode/.vscode-server/extensionsCache && ls /home/vscode/.vscode-server/extensionsCache || true [3196 ms] [3196 ms] [3197 ms] Start: Run in container: test -d /vscode/vscode-server/extensionsCache && ls /vscode/vscode-server/extensionsCache || true [3199 ms] dbaeumer.vscode-eslint-3.0.16 ms-azuretools.vscode-containers-2.2.0 ms-python.autopep8-2025.2.0 ms-python.debugpy-2025.14.1-linux-x64 ms-python.python-2025.16.0-linux-x64 ms-python.vscode-pylance-2025.9.1 ms-python.vscode-python-envs-1.10.0-linux-x64 streetsidesoftware.code-spell-checker-4.2.6 streetsidesoftware.code-spell-checker-danish-2.2.5 [3199 ms] [3199 ms] Extensions cache, link in container: dbaeumer.vscode-eslint-3.0.16, ms-python.autopep8-2025.2.0, ms-python.python-2025.16.0-linux-x64, ms-python.vscode-pylance-2025.9.1 [3199 ms] Start: Run in container: mkdir -p '/home/vscode/.vscode-server/extensionsCache' && ln -s '/vscode/vscode-server/extensionsCache'/* '/home/vscode/.vscode-server/extensionsCache' || true [3202 ms] [3203 ms] [3203 ms] Optimizing extensions for quality: stable [3203 ms] Start: Run in container: cd /vscode/vscode-server/extensionsCache && touch 'dbaeumer.vscode-eslint-3.0.16' 'ms-python.autopep8-2025.2.0' 'ms-python.python-2025.16.0-linux-x64' 'ms-python.vscode-pylance-2025.9.1' [3203 ms] Start: Run in container: /home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/bin/code-server --log debug --force-disable-user-env --server-data-dir /home/vscode/.vscode-server --use-host-proxy --telemetry-level all --accept-server-license-terms --host 127.0.0.1 --port 0 --connection-token-file /home/vscode/.vscode-server/data/Machine/.connection-token-7d842fb85a0275a4a8e4d7e040d2625abbf7f084 --extensions-download-dir /home/vscode/.vscode-server/extensionsCache --install-extension dbaeumer.vscode-eslint --install-extension ms-python.python --install-extension ms-python.vscode-pylance --install-extension ms-python.autopep8 --start-server --disable-websocket-compression --skip-requirements-check [3208 ms] [3208 ms] [3277 ms] userEnvProbe PATHs: Probe: '/usr/local/python/current/bin:/usr/local/py-utils/bin:/usr/local/jupyter:/usr/local/share/nvm/current/bin:/usr/local/bin:/usr/local/python/current/bin:/usr/local/py-utils/bin:/usr/local/jupyter:/usr/local/share/nvm/current/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/vscode/.local/bin' Container: '/usr/local/python/current/bin:/usr/local/py-utils/bin:/usr/local/jupyter:/usr/local/share/nvm/current/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' [3277 ms] Start: Run in container: mkdir -p '/tmp/devcontainers-1e96a59f-3628-42bf-9115-8345a9f107f71761818806884' && cat > '/tmp/devcontainers-1e96a59f-3628-42bf-9115-8345a9f107f71761818806884/env-loginInteractiveShell.json' << 'envJSON' [3279 ms] [3280 ms] [3280 ms] Start: Run in container: umask 077 && XRD="/tmp/user/$(id -u)" && mkdir -p $XRD && echo $XRD [3283 ms] /tmp/user/1000 [3283 ms] [3284 ms] Start: Run in container: test -e /tmp/user/1000/vscode-wayland-e5147fa2-4b5d-4491-bf70-2304b572f848.sock || ln -sf /tmp/vscode-wayland-e5147fa2-4b5d-4491-bf70-2304b572f848.sock /tmp/user/1000/vscode-wayland-e5147fa2-4b5d-4491-bf70-2304b572f848.sock [3285 ms] [3285 ms] [3337 ms] * * Visual Studio Code Server * * By using the software, you agree to * the Visual Studio Code Server License Terms (https://aka.ms/vscode-server-license) and * the Microsoft Privacy Statement (https://privacy.microsoft.com/en-US/privacystatement). * [3342 ms] Server bound to 127.0.0.1:40783 (IPv4) Extension host agent listening on 40783 [3342 ms] Start: Run in container: echo 40783 >'/home/vscode/.vscode-server/data/Machine/.devport-7d842fb85a0275a4a8e4d7e040d2625abbf7f084' [3343 ms] [3343 ms] [3343 ms] Port forwarding for container port 40783 starts listening on local port. [3344 ms] Port forwarding local port 40783 to container port 40783 [3350 ms] Initializing configuration support... [3350 ms] Internal initialization of dev container support package... [3353 ms] Start: Run in container: command -v git >/dev/null 2>&1 && git config --global --replace-all credential.helper '!f() { /home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/node /tmp/vscode-remote-containers-b4cca4fe-ca43-4a53-b647-23d7643895c0.js git-credential-helper $*; }; f' || true [3358 ms] Port forwarding connection from 48124 > 40783 > 40783 in the container. [3359 ms] Start: Run in container: /home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/node -e [3363 ms] [3363 ms] [3386 ms] Ignoring option 'skip-requirements-check': not supported for server. [3390 ms] [10:06:50] [3432 ms] Port forwarding 48124 > 40783 > 40783 stderr: Connection established [3438 ms] [10:06:51] Installing extensions... [3440 ms] [10:06:51] Extension host agent started. [3486 ms] [10:06:51] Error while reading the extension cache file: /home/vscode/.vscode-server/data/CachedProfilesData/__default__profile__/extensions.builtin.cache Unable to read file '/home/vscode/.vscode-server/data/CachedProfilesData/__default__profile__/extensions.builtin.cache' (Error: Unable to resolve nonexistent file '/home/vscode/.vscode-server/data/CachedProfilesData/__default__profile__/extensions.builtin.cache') [3487 ms] [10:06:51] Started initializing default profile extensions in extensions installation folder. file:///home/vscode/.vscode-server/extensions [3493 ms] Port forwarding connection from 48146 > 40783 > 40783 in the container. [3493 ms] Start: Run in container: /home/vscode/.vscode-server/bin/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/node -e [3508 ms] [10:06:51] [127.0.0.1][275b2874][ManagementConnection] New connection established. [3510 ms] [10:06:51] ComputeTargetPlatform: linux-x64 [3542 ms] [10:06:51] Log level changed to info [3571 ms] Port forwarding 48146 > 40783 > 40783 stderr: Connection established [3593 ms] [10:06:51] Completed initializing default profile extensions in extensions installation folder. file:///home/vscode/.vscode-server/extensions [3632 ms] [10:06:51] [127.0.0.1][12a355d7][ExtensionHostConnection] New connection established. [3641 ms] [10:06:51] [127.0.0.1][12a355d7][ExtensionHostConnection] <388> Launched Extension Host Process. [3656 ms] [node.js fs] readdir with filetypes failed with error: Error: EACCES: permission denied, scandir '/workspaces/testQwe' at async Object.readdir (node:internal/fs/promises:957:18) at async mC (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90686) at async o6 (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90615) at async Object.Sh (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90480) at async Xu.readdir (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:67:15749) { errno: -13, code: 'EACCES', syscall: 'scandir', path: '/workspaces/testQwe' } [3657 ms] [node.js fs] readdir with filetypes failed with error: Error: EACCES: permission denied, scandir '/workspaces/testQwe' at async Object.readdir (node:internal/fs/promises:957:18) at async mC (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90686) at async o6 (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90615) at async Object.Sh (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90480) at async Xu.readdir (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:67:15749) { errno: -13, code: 'EACCES', syscall: 'scandir', path: '/workspaces/testQwe' } [node.js fs] readdir with filetypes failed with error: Error: EACCES: permission denied, scandir '/workspaces/testQwe' at async Object.readdir (node:internal/fs/promises:957:18) at async mC (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90686) at async o6 (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90615) at async Object.Sh (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:27:90480) at async Xu.readdir (file:///vscode/vscode-server/bin/linux-x64/7d842fb85a0275a4a8e4d7e040d2625abbf7f084/out/server-main.js:67:15749) { errno: -13, code: 'EACCES', syscall: 'scandir', path: '/workspaces/testQwe' } [3730 ms] [10:06:51] [File Watcher ('parcel')] Unexpected error: Bad file descriptor (EUNKNOWN) (path: /workspaces/testQwe) [3732 ms] [10:06:51] [File Watcher (universal)] Bad file descriptor [4005 ms] [10:06:51] Installing extension 'dbaeumer.vscode-eslint'... [4006 ms] [10:06:51] Installing extension 'ms-python.python'... [4023 ms] [10:06:51] Installing extension 'ms-python.autopep8'... [4109 ms] [10:06:51] Installing extension 'ms-python.vscode-pylance'... [4111 ms] [10:06:51] Getting Manifest... dbaeumer.vscode-eslint [10:06:51] Getting Manifest... ms-python.python [10:06:51] Getting Manifest... ms-python.autopep8 [10:06:51] Getting Manifest... ms-python.vscode-pylance [4194 ms] [10:06:51] Installing extension: ms-python.autopep8 { isMachineScoped: false, installPreReleaseVersion: false, isApplicationScoped: true, isBuiltin: false, installGivenVersion: false, profileLocation: Vr { scheme: 'file', authority: '', path: '/home/vscode/.vscode-server/extensions/extensions.json', query: '', fragment: '', _formatted: 'file:///home/vscode/.vscode-server/extensions/extensions.json', _fsPath: '/home/vscode/.vscode-server/extensions/extensions.json' }, productVersion: { version: '1.105.1', date: '2025-10-14T22:33:36.618Z' } } [4195 ms] [10:06:51] Installing extension: dbaeumer.vscode-eslint { isMachineScoped: false, installPreReleaseVersion: false, isApplicationScoped: true, isBuiltin: false, installGivenVersion: false, profileLocation: Vr { scheme: 'file', authority: '', path: '/home/vscode/.vscode-server/extensions/extensions.json', query: '', fragment: '', _formatted: 'file:///home/vscode/.vscode-server/extensions/extensions.json', _fsPath: '/home/vscode/.vscode-server/extensions/extensions.json' }, productVersion: { version: '1.105.1', date: '2025-10-14T22:33:36.618Z' } } [10:06:51] Installing extension: ms-python.python { isMachineScoped: false, installPreReleaseVersion: false, isApplicationScoped: true, isBuiltin: false, installGivenVersion: false, profileLocation: Vr { scheme: 'file', authority: '', path: '/home/vscode/.vscode-server/extensions/extensions.json', query: '', fragment: '', _formatted: 'file:///home/vscode/.vscode-server/extensions/extensions.json', _fsPath: '/home/vscode/.vscode-server/extensions/extensions.json' }, productVersion: { version: '1.105.1', date: '2025-10-14T22:33:36.618Z' } } [4195 ms] [10:06:51] Installing extension: ms-python.vscode-pylance { isMachineScoped: false, installPreReleaseVersion: false, isApplicationScoped: true, isBuiltin: false, installGivenVersion: false, profileLocation: Vr { scheme: 'file', authority: '', path: '/home/vscode/.vscode-server/extensions/extensions.json', query: '', fragment: '', _formatted: 'file:///home/vscode/.vscode-server/extensions/extensions.json', _fsPath: '/home/vscode/.vscode-server/extensions/extensions.json' }, productVersion: { version: '1.105.1', date: '2025-10-14T22:33:36.618Z' } } [4253 ms] [10:06:51] Getting Manifest... ms-python.python [4265 ms] [10:06:51] Getting Manifest... ms-python.vscode-pylance [4328 ms] [10:06:51] Getting Manifest... ms-python.vscode-pylance [4333 ms] [10:06:51] Getting Manifest... ms-python.debugpy [4355 ms] [10:06:51] Getting Manifest... ms-python.vscode-python-envs [4367 ms] [10:06:51] Getting Manifest... ms-python.debugpy [4387 ms] [10:06:51] Installing extension: ms-python.debugpy { isMachineScoped: false, installPreReleaseVersion: false, isApplicationScoped: true, isBuiltin: false, installGivenVersion: false, profileLocation: Vr { scheme: 'file', authority: '', path: '/home/vscode/.vscode-server/extensions/extensions.json', query: '', fragment: '', _formatted: 'file:///home/vscode/.vscode-server/extensions/extensions.json', _fsPath: '/home/vscode/.vscode-server/extensions/extensions.json' }, productVersion: { version: '1.105.1', date: '2025-10-14T22:33:36.618Z' }, pinned: false, context: { dependecyOrPackExtensionInstall: true } } [4388 ms] [10:06:51] Installing extension: ms-python.vscode-python-envs { isMachineScoped: false, installPreReleaseVersion: false, isApplicationScoped: true, isBuiltin: false, installGivenVersion: false, profileLocation: Vr { scheme: 'file', authority: '', path: '/home/vscode/.vscode-server/extensions/extensions.json', query: '', fragment: '', _formatted: 'file:///home/vscode/.vscode-server/extensions/extensions.json', _fsPath: '/home/vscode/.vscode-server/extensions/extensions.json' }, productVersion: { version: '1.105.1', date: '2025-10-14T22:33:36.618Z' }, pinned: false, context: { dependecyOrPackExtensionInstall: true } } [4411 ms] [10:06:51] Getting Manifest... ms-python.vscode-python-envs [5697 ms] [10:06:53] Extension signature verification result for dbaeumer.vscode-eslint: Success. Internal Code: 0. Executed: true. Duration: 1228ms. [5714 ms] [10:06:53] Extracted extension to file:///home/vscode/.vscode-server/extensions/dbaeumer.vscode-eslint-3.0.16: dbaeumer.vscode-eslint [5719 ms] [10:06:53] Renamed to /home/vscode/.vscode-server/extensions/dbaeumer.vscode-eslint-3.0.16 [5754 ms] [10:06:53] Extension signature verification result for ms-python.vscode-python-envs: Success. Internal Code: 0. Executed: true. Duration: 1266ms. [5785 ms] [10:06:53] Extension signature verification result for ms-python.python: Success. Internal Code: 0. Executed: true. Duration: 1302ms. [5851 ms] [10:06:53] Extension signature verification result for ms-python.autopep8: Success. Internal Code: 0. Executed: true. Duration: 1288ms. [5853 ms] [10:06:53] Extension signature verification result for ms-python.debugpy: Success. Internal Code: 0. Executed: true. Duration: 1374ms. [5919 ms] [10:06:53] Extracted extension to file:///home/vscode/.vscode-server/extensions/ms-python.vscode-python-envs-1.10.0-linux-x64: ms-python.vscode-python-envs [5924 ms] [10:06:53] Renamed to /home/vscode/.vscode-server/extensions/ms-python.vscode-python-envs-1.10.0-linux-x64 [6037 ms] [10:06:53] Extracted extension to file:///home/vscode/.vscode-server/extensions/ms-python.autopep8-2025.2.0: ms-python.autopep8 [6043 ms] [10:06:53] Extension signature verification result for ms-python.vscode-pylance: Success. Internal Code: 0. Executed: true. Duration: 1077ms. [6048 ms] [10:06:53] Renamed to /home/vscode/.vscode-server/extensions/ms-python.autopep8-2025.2.0 [6218 ms] [10:06:53] Extracted extension to file:///home/vscode/.vscode-server/extensions/ms-python.debugpy-2025.14.1-linux-x64: ms-python.debugpy [6234 ms] [10:06:53] Renamed to /home/vscode/.vscode-server/extensions/ms-python.debugpy-2025.14.1-linux-x64 [6756 ms] [10:06:54] Extracted extension to file:///home/vscode/.vscode-server/extensions/ms-python.python-2025.16.0-linux-x64: ms-python.python [6821 ms] [10:06:54] Renamed to /home/vscode/.vscode-server/extensions/ms-python.python-2025.16.0-linux-x64 [8370 ms] [10:06:55] Extracted extension to file:///home/vscode/.vscode-server/extensions/ms-python.vscode-pylance-2025.9.1: ms-python.vscode-pylance [8547 ms] [10:06:56] Renamed to /home/vscode/.vscode-server/extensions/ms-python.vscode-pylance-2025.9.1 [8557 ms] [10:06:56] Extension installed successfully: dbaeumer.vscode-eslint file:///home/vscode/.vscode-server/extensions/extensions.json [10:06:56] Extension installed successfully: ms-python.vscode-python-envs file:///home/vscode/.vscode-server/extensions/extensions.json [10:06:56] Extension installed successfully: ms-python.autopep8 file:///home/vscode/.vscode-server/extensions/extensions.json [10:06:56] Extension installed successfully: ms-python.debugpy file:///home/vscode/.vscode-server/extensions/extensions.json [10:06:56] Extension installed successfully: ms-python.python file:///home/vscode/.vscode-server/extensions/extensions.json [10:06:56] Extension installed successfully: ms-python.vscode-pylance file:///home/vscode/.vscode-server/extensions/extensions.json [8560 ms] [10:06:56] Extension 'dbaeumer.vscode-eslint' v3.0.16 was successfully installed. [10:06:56] Extension 'ms-python.vscode-python-envs' v1.10.0 was successfully installed. [10:06:56] Extension 'ms-python.autopep8' v2025.2.0 was successfully installed. [10:06:56] Extension 'ms-python.debugpy' v2025.14.1 was successfully installed. [8560 ms] [10:06:56] Extension 'ms-python.python' v2025.16.0 was successfully installed. [10:06:56] Extension 'ms-python.vscode-pylance' v2025.9.1 was successfully installed. ```

l-c-g · November 9, 2025, 8:48am

I am having a hard time reading the log, it would have been nice to see the actual devcontainer.json you are using.

In any case, container volume errors with SELinux are usually a result of incorrect labels. To get the system to label the volumes correctly, you need append the :z (two or more containers sharing the same label) or :Z (private label, only valid for a single container) options to a volume mount. See the info on volumes in the podman-run man page for more information.

In devcontainer.json, this would look something like this:

{
    "name": "python",
    "image": "mcr.microsoft.com/devcontainers/python:2-3.12-bullseye",
    "workspaceMount": "source=${localWorkspaceFolder}/,target=/workspace,type=bind,consistency=cached,Z",
    "workspaceFolder": "/workspace",
    [...]

Notice the ,Z option at the end of "workspaceMount=...,Z".

pg-tips · November 9, 2025, 9:17am

There are also more verbose alternatives (if, like me, you find it difficult to remember which one is Z and which is z).

"workspaceMount=..,relabel=private" (same as Z)

or

"workspaceMount=..,relabel=shared" (same as z)

l-c-g · November 9, 2025, 9:27am

Cool, I did not know that. And yes, I have to look it up every time, too.

Though, for devcontainers it should only make a difference if you intend to open the same workspace in multiple VS Code instances and devcontainers in parallel.

ndlarsen · November 9, 2025, 3:47pm

I am having a hard time reading the log, it would have been nice to see the actual devcontainer.json you are using.

Yeah, the log is not super great but the devcontainer.json was a vanilla/default one generated by the vscode extension with no modifications.

If am I understaning this correctly, in order for this to work on a SELinux enabled system, I need to have the system label the bind mounts properly? If that is so, I would have expected this to be handled by the devcontainer extension for VSCode in the first place. Guess I need to update the bug report with this information.

Though, for devcontainers it should only make a difference if you intend to open the same workspace in multiple VS Code instances and devcontainers in parallel.

Which as far as I remember, was not the case (but not ruling out that it could have been).

I will give it a go when I am back at work tomorrow (my box at home is not running Fedora yet). Will post update.

Thanks.

l-c-g · November 9, 2025, 4:11pm

I think I wasn’t very clear in my post. This was referring to @pg-tips’s comment about the difference between :z and :Z. And this difference is only relevant if you try to access files from more than one container (which requires the shared label). As long as your devcontainer.json has either of them, it should work, at least for the first container instance.

In any case, if you use the shared label, you should be good, even if you start multiple instances, though this technically lowers the isolation between containers.

Correct. When mounting a volume into a container with SELinux, you need to tell your container solution which labels to apply. It cannot know this. With Podman, this is done by adding :(z|Z) after a -v option:

podman run -d --name busybox-iostat -v ./src:/dest:Z busybox iostat 1

Check out this article for a longer explanation.

I doubt they will consider this a bug, it is just the normal behavior of containers on SELinux systems. But it is worth a try.

pg-tips · November 9, 2025, 4:15pm

I can see the attraction of VSCode auto-adding the “relabel” bit to the mount spec for you.

On the other hand, the devcontainer JSON is supposed to be an open standard, and you could argue that IDEs shouldn’t be making changes that cause the same JSON to behave differently on different IDEs.

l-c-g · November 9, 2025, 4:20pm

You are on a roll today, teaching me new things. I was actually looking for documentation about the devcontainer.json file (I wasn’t looking too hard, though).

Topic		Replies	Views
Layered-vscode error with new DevContainers - [Solved] Ask Fedora rpm-ostree , vscode , silverblue , f40	35	2426	May 21, 2024
Can't open docker containers in VSCode Ask Fedora kde , wayland , flatpak , docker , vscode , selinux , f39	1	980	April 6, 2024
Docker help on Fedora (SELinux issue?) Ask Fedora f30 , docker , selinux	18	10015	May 17, 2019
Vscode + devcontainers Project Discussion silverblue-team	18	10898	January 29, 2025
Toolbox and root Project Discussion silverblue-team	33	6086	August 8, 2020

Dev container and SELinux

Related topics