Vscode + devcontainers

insultan · January 16, 2023, 9:06pm

Hi all,

First post here, so apologies if it’s already been resolved.

I posted the question on vscode issues board, but not sure it’s the right place for it: fedora silverblue + dev containers (docker/podman) · Issue #7802 · microsoft/vscode-remote-release · GitHub Hope I can get some guidance here, thanks in advance!

I am having a difficult time getting vscode + dev containers extensions working on fedora silverblue 37.1.7. On paper, the idea behind the os is very appealing, I just can’t figure out how to properly configure vs code and that extension. Here is what I tried so far and every time I am getting the same problem: vscode does not work correctly with docker/podman.

docker installed directly on the host machine (through rpm-ostree)
my user can execute docker commands
vs code installed through flatpak (and I can confirm I can invoke docker commands from the vs code terminal)
vs code installed directly on the host machine (through rpm-ostree and I can confirm I can invoke docker commands from the vs code terminal)
vs code configured to use podman (podman comes preinstalled in that os) instead of docker

In that last scenario (preinstalled podman + vs code configured to use podman instead of docker for dev containers), I am getting a silent failure when opening a repository in a dev container. When I check the output terminal which starts when the dev container is opening, I get the following message:

2023-01-06 19:40:13.076 [error] {"message":"Command failed: /usr/share/code/code --ms-enable-electron-run-as-node /var/home/piotrjustyna/.vscode/extensions/ms-vscode-remote.remote-containers-0.266.1/dist/spec-node/devContainersSpecCLI.js read-configuration --workspace-folder /var/home/piotrjustyna/Documents/code/haskell-anywhere --log-level debug --log-format json --config /var/home/piotrjustyna/Documents/code/haskell-anywhere/.devcontainer/devcontainer.json --include-merged-configuration --mount-workspace-git-root true","code":1} remote-containers.reopenInContainer {"value":"ms-vscode-remote.remote-containers","c":"ms-vscode-remote.remote-containers"}

When I use vs code with docker (instead of podman), vs code complains with a dialog upon opening a directory in a dev container which states:

Current user does not have permission to run 'docker'. Try adding the user to the 'docker' group (Cancel/Documentation)

even though I can execute docker commands from the vs code terminal (whoami ran in vs code terminal indicates that I’m running the command as myself). The Documentation button leads to the following resource: Linux post-installation steps for Docker Engine but that is unfortunately not 100% applicable in an immutable os.

So what I’m really reporting is a number of potential problems and maybe also a general question: is there a best practices document which handholds users trying to simply:

set up an immutable os
set up vs code
install the dev cotnainers externsion
get coding

a wiki like that would be very useful.

VSCode Version: 1.74.2
Local OS Version: fedora silverblue 37.1.7
Local chip architecture: x64
Reproduces in: Remote - Containers
Name of Dev Container Definition with Issue: irrelevant, problems using containers in general (docker + podman)

Steps to Reproduce:

open a directory in a remote container

vwbusguy · January 16, 2023, 10:58pm

How is vscode installed? I’m using the flatpak for it on Kinoite. If it’s a flatpak, you might be able to tweak it with flatseal.

insultan · January 17, 2023, 11:17am

Thanks @vwbusguy It is now installed through flatpak and I did experiment with flatseal but no joy. I guess what would be really handy is to get a more experienced silverblue user to see what kind of permissions does vscode need to execute docker commands on the host machine. I am happy to turn it into a documentation page/public walkthrough for new users. I believe this could unlock silverblue for many users like me.

castrojo · January 17, 2023, 2:16pm

This might be useful: distrobox/integrate_vscode_distrobox.md at main · 89luca89/distrobox · GitHub

insultan · January 25, 2023, 11:02am

Thanks, I’ll try it as soon as I find a minute.

castrojo · February 9, 2023, 12:13am

This issue has a ton of info that might be worth investigating: Unable to use the docker extension · Issue #55 · flathub/com.visualstudio.code · GitHub

lbssousa · February 13, 2023, 7:46pm

I’m currently able to run VSCode with devcontainers on Fedora Silverblue. I use Flatpak VSCode, but installing it as a layered RPM is much easier. The following additional steps are needed for devcontainers to work with Podman:

In your devcontainer.json file, you must set properties remoteUser and containerUser properly. For example, if you use any base image from Microsoft itself, you must set both properties to vscode.
You must provide a file ~/.config/containers/containers.conf with the following contents:

[containers]
env = [
  "BUILDAH_FORMAT=docker"
]
label = false
userns = "keep-id"

If you’re using Flatpak VSCode, the following additional steps are needed:

Create a wrapper script ~/.local/bin/podman-host with the following contents, and make it executable:

#!/bin/sh
exec flatpak-spawn --host podman "${@}"

Configure Docker Path in your Dev Container extension settings to /var/home/[username]/.local/bin/podman-host
Give your Flatpak write permission to /tmp folder:

flatpak override --filesystem=/tmp com.visualstudio.code

insultan · February 15, 2023, 10:52pm

Perfect, thank you @lbssousa. That was precisely what I was looking for. Went with flatpak vs code and it worked perfectly. I’ll just add that vs code needs to be restarted for the changes to take effect.

yanqiyu · March 15, 2023, 3:04am

If you are using vscode from flatpak, then this script should be fine.

Everything should JUST WORK ™ with the code . command you usually use from normal workstation host.

storopoli · March 25, 2023, 11:36pm

Additionally I had to do this in Fedora Silverblue with podman:

Start podman socket systemd service as a user: systemctl --user enable --now podman.socket
Symlink the podman socket to the docker socket: sudo ln -s /run/user/1000/podman/podman.sock /var/run/docker.sock

lbssousa · May 16, 2023, 2:00pm

These settings are needed if you want to use podman-remote within VSCode Flatpak (e.g. if you have installed flatpak com.visualstudio.code.tool.podman), but not if you invoke podman via flatpak-spawn --host (e.g. by creating a wrapper script in your home folder, as I suggested above).

lbssousa · May 23, 2023, 11:06am

I’ve just found a better approach for step 1 above:

Download host-spawn
Copy host-spawn binary to directory $HOME/.var/app/com.visualstudio.code/data/node_modules/bin (it’s already in Flatpak’s PATH) and make it executable.
Created a symlink to host-spawn named podman in that same directory.
Configure Dev Container VSCode extension Docker path as just podman.

msfz751 · May 13, 2024, 11:54pm

Hello @lbssousa,
I followed your two recommendations to integrate vscode and vscode (flatpak).
Both worked but I only get access to the project folder as root. Screenshot attached.

Is there a way to login as the user that is invoking the podman script?

jakfrost · May 14, 2024, 11:21am

If this is inside the container, the user who invoked it is root.

vwbusguy · May 21, 2024, 4:12pm

Yes - podman can be rootless. You can also use the UID of the user calling it with --user.

   --user, -u=user[:group]
       Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both user and group may be symbolic or numeric.

       Without  this  argument,  the  command  runs  as the user specified in the container image. Unless overridden by a USER command in the Containerfile or by a value
       passed to this option, this user generally defaults to root.

       When a user namespace is not in use, the UID and GID used within the container and on the host match. When user namespaces are in use, however, the UID and GID in
       the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in  the  container
       by default corresponds to the UID and GID of the user invoking Podman.

ap0them · November 27, 2024, 5:59am

In the interest of now leaving too many scripts around and trying not to leave a file path that includes a username in vscode settings, why can’t we just use flatpak-spawn --host podman as the docker path in settings instead of using a script?

I know it doesn’t work (I tried) but why not and can we make it work?

vwbusguy · November 27, 2024, 10:19pm

If you have an idea to improve the experience of devcontainers and podman upstream with VSCode, please definitely do contribute it upstream. I maintain devcontainers on podman infrastructure in my dayjob for some researchers and would love to see podman become more mainstream in that space.

woprandi · January 6, 2025, 6:24pm

On vscode flatpak, host-spawn is already available : GitHub - flathub/com.visualstudio.code

ap0them · January 29, 2025, 10:51pm

I had @lbssousa 's instructions working for a while but recently found that containers are missing privileges and can’t connect despite (seemingly) building fine.

My Logs:
https://privatebin.net/?6a74118eeaedcbbb#7k8rWRGty7EfxeonUATSYKPs2YMBgrCaR1KYJ2NumyZJ

Topic		Replies	Views
Sample vscode java project with podman/docker on silverblue Ask Fedora podman , flatpak , docker , vscode , java , silverblue	3	515	June 5, 2024
Enabling Flatpak VsCode to toolbox containers Ask Fedora	2	1501	October 5, 2024
Vscode new containers thingy Ask Fedora	9	230	May 23, 2025
Layered-vscode error with new DevContainers - [Solved] Ask Fedora rpm-ostree , vscode , silverblue , f40	35	2010	May 21, 2024
Fedora 34 Silverblue - website development container Ask Fedora f34 , silverblue	1	470	November 5, 2021

Vscode + devcontainers

Related topics