-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non root devcontainer #458
base: main
Are you sure you want to change the base?
Conversation
b58a99e
to
c180773
Compare
When testing with a fresh container, i get this: 🐋 ~/colcon_ws/src/bitbots_main gc --allow-empty -m "Foo"
ruff.................................................(no files to check)Skipped
ruff-format..........................................(no files to check)Skipped
clang-format.........................................(no files to check)Skipped
cppcheck.............................................(no files to check)Skipped
cmake-format.........................................(no files to check)Skipped
cmake-lint...........................................(no files to check)Skipped
check for merge conflicts............................(no files to check)Skipped
check toml...........................................(no files to check)Skipped
check xml............................................(no files to check)Skipped
check yaml...........................................(no files to check)Skipped
detect private key...................................(no files to check)Skipped
fatal: cannot lock ref 'HEAD': Unable to create '/home/bitbots/colcon_ws/src/bitbots_main/.git/refs/heads/feature/non-root-dev-container.lock': Permission denied |
e9c612d
to
5818cea
Compare
Interesting, I am unable to reproduce the issue. I would assume that the lock file can either not be created due to some issues with permissions or because you have some other git process running already, which has already created the file. |
starting from `~` instead of using the whole path
to prevent issues when interacting with the repository both from within the container and outside the container, due to permissions not being correct
in `Dockerfile`, because the `updateRemoteUserUID` setting of the devcontainer does not change the `GID` of the `containerUser` dynamically to the one of the host user if the group exists in the container already microsoft/vscode-remote-release#2402. In our case the `containerUser` is set to `bitbots`, because it automatically uses the last `USER` instruction from the `Dockerfile` and the `remoteUser` inherits from `containerUser`. For reference see: microsoft/vscode-remote-release#1155
9c2695e
to
a6251c0
Compare
Summary
This fixes the issue, that when utilizing the devcontainer but at the same time interacting with the repository from the host we run into issues, as files within the repo have the wrong
UID/GID
from within the container and are not readable, because we use theroot
user in the container.Proposed changes
bitbots
user withuid=1000, gid=1000
UID
,GID
by utilizingDockerfile
ARG
bitbots
user to run privileged commands by adjusting/etc/sudoers
users
group in the containerWith these changes, the devcontainer will use the
bitbots
user internally, which is initially setup withuid=1000, gid=1000
, but vscode will switch theuid
andgid
dynamically to the one of the host user (see microsoft/vscode-remote-release#1155).Checklist