Hello there,
I have a couple projects that need a lot of dependencies installed for development, so naturally I wanted to use dev containers with VSCode. I am using a rootless docker setup for the runtime.
The dev container can use either a bind mount like the following:
devcontainer.json:
"mounts": [
    "source=${localWorkspaceFolder},target=/workspaces,type=bind,consistency=cached"
]
Or a manual volume mount like this:
devcontainer.json:
"runArgs": [
    "--volume=/home/user/Code/project:/workspace:z"
]
Both variants work as long as the user I start the dev container with, that is, the user I am inside the container, is the root user. So far this makes sense to me: I have a rootless docker setup, so my user account on the host gets mapped to the root user in the container.
I wanted to harden the setup inside the container since I am going to install a large number of dependencies, some of which might be considered untrustworthy until I have reviewed them. I wanted to create a non-root user inside the container, which in itself is easy.
The problem, however, is that if I map a folder from the host, with either method above, to a non-root user inside the container, the non-root user does not have permission to access the files, neither to create nor to write.
The kind of user mapping at play here is a mystery to me so I have no idea how to solve this.
Any help and tips on how to handle this will be greatly appreciated.
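The user mapping the post asks about, as an added example that is not part of the original post: it parses a table in the kernel's `uid_map` format and translates uids between container and host, showing why a non-root container user does not own a bind-mounted folder. The host uid 1000, the subordinate range starting at 100000 and the container user uid 1000 are constructed sample values, not taken from the post.

```python
"""Translate uids across a user namespace using uid_map-style entries."""

# Constructed sample in /proc/<pid>/uid_map format: inside-start outside-start length.
# Assumed: host account uid 1000, subordinate range from 100000 (as in /etc/subuid).
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""

def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        entries.append(tuple(int(f) for f in fields))
    return entries

def to_host_uid(entries, container_uid):
    """Host uid behind a uid seen inside the container, or None if unmapped."""
    for inside, outside, length in entries:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None

def to_container_uid(entries, host_uid):
    """Uid a host owner appears as inside the container, or None if unmapped."""
    for inside, outside, length in entries:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return None  # unmapped owners show up as the overflow uid (usually 65534)

def can_write(entries, container_uid, owner_host_uid, mode):
    """Simplified owner/other write check; group bits and capabilities ignored."""
    host_uid = to_host_uid(entries, container_uid)
    if host_uid is None:
        return False
    return bool(mode & (0o200 if host_uid == owner_host_uid else 0o002))

ENTRIES = parse_uid_map(SAMPLE_UID_MAP)

if __name__ == "__main__":
    # Bind-mounted project folder: owned by host uid 1000, mode 0755 (constructed).
    for uid in (0, 1000):
        print(f"container uid {uid} -> host uid {to_host_uid(ENTRIES, uid)}, "
              f"write allowed: {can_write(ENTRIES, uid, 1000, 0o755)}")
```

Running `cat /proc/self/uid_map` inside the container prints the real table for a given setup in the same three-column format.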