devcontainers / cli

A reference implementation for the specification that can create and configure a dev container from a devcontainer.json.
https://containers.dev
MIT License

Lifecycle commands do not execute if `remoteUser` is not root #708

Open scottcwang opened 10 months ago

scottcwang commented 10 months ago

Observed

Given the following test1/.devcontainer/devcontainer.json (where the image uses vscode as the remoteUser):

{
        "name": "test1",
        "image": "mcr.microsoft.com/devcontainers/rust:bullseye",
        "postCreateCommand": "env ; getent passwd vscode"
}

The postCreateCommand does not run at all, but devcontainer up still returns success:

[2023-12-14T05:08:06.322Z] Stop (425 ms): Starting container
[2023-12-14T05:08:06.322Z] Start: Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/chengyuwang/test1 --filter label=devcontainer.config_file=/home/chengyuwang/test1/.devcontainer/devcontainer.json
[2023-12-14T05:08:06.330Z] Stop (436 ms): Run: docker events --format {{json .}} --filter event=start
[2023-12-14T05:08:06.372Z] Stop (50 ms): Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/chengyuwang/test1 --filter label=devcontainer.config_file=/home/chengyuwang/test1/.devcontainer/devcontainer.json
[2023-12-14T05:08:06.372Z] Start: Run: docker inspect --type container 89e90838d291
[2023-12-14T05:08:06.405Z] Stop (33 ms): Run: docker inspect --type container 89e90838d291
[2023-12-14T05:08:06.406Z] Start: Inspecting container
[2023-12-14T05:08:06.406Z] Start: Run: docker inspect --type container 89e90838d2919ba990d7bc1872f69b709f579e8f9f470c093d53e6e206406eae
[2023-12-14T05:08:06.430Z] Stop (24 ms): Run: docker inspect --type container 89e90838d2919ba990d7bc1872f69b709f579e8f9f470c093d53e6e206406eae
[2023-12-14T05:08:06.431Z] Stop (25 ms): Inspecting container
[2023-12-14T05:08:06.432Z] Start: Run in container: /bin/sh
[2023-12-14T05:08:06.435Z] Start: Run in container: uname -m
[2023-12-14T05:08:06.499Z] x86_64
[2023-12-14T05:08:06.499Z]
[2023-12-14T05:08:06.499Z] Stop (64 ms): Run in container: uname -m
[2023-12-14T05:08:06.500Z] Start: Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null
[2023-12-14T05:08:06.502Z] PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
[2023-12-14T05:08:06.502Z]
[2023-12-14T05:08:06.502Z] Stop (2 ms): Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null
[2023-12-14T05:08:06.502Z] Start: Run in container:  (command -v getent >/dev/null 2>&1 && getent passwd 'vscode' || grep -E '^vscode|^[^:]*:[^:]*:vscode:' /etc/passwd || true)        
[2023-12-14T05:08:06.505Z] Stop (3 ms): Run in container:  (command -v getent >/dev/null 2>&1 && getent passwd 'vscode' || grep -E '^vscode|^[^:]*:[^:]*:vscode:' /etc/passwd || true)  
[2023-12-14T05:08:06.506Z] Start: Run in container: test -f '/var/devcontainer/.patchEtcEnvironmentMarker'
[2023-12-14T05:08:06.507Z]
[2023-12-14T05:08:06.507Z]
[2023-12-14T05:08:06.507Z] Exit code 1
[2023-12-14T05:08:06.507Z] Stop (1 ms): Run in container: test -f '/var/devcontainer/.patchEtcEnvironmentMarker'
[2023-12-14T05:08:06.508Z] Start: Run in container: /bin/sh
[2023-12-14T05:08:06.510Z] Start: Run in container: test ! -f '/var/devcontainer/.patchEtcEnvironmentMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcEnvironmentMarker' ; } 2> /dev/null
[2023-12-14T05:08:06.621Z] 
[2023-12-14T05:08:06.621Z]
[2023-12-14T05:08:06.621Z] Stop (111 ms): Run in container: test ! -f '/var/devcontainer/.patchEtcEnvironmentMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcEnvironmentMarker' ; } 2> /dev/null
[2023-12-14T05:08:06.621Z] Start: Run in container: cat >> /etc/environment <<'etcEnvrionmentEOF'
[2023-12-14T05:08:06.626Z]
[2023-12-14T05:08:06.626Z]
[2023-12-14T05:08:06.626Z] Stop (5 ms): Run in container: cat >> /etc/environment <<'etcEnvrionmentEOF'
[2023-12-14T05:08:06.627Z] Start: Run in container: test -f '/var/devcontainer/.patchEtcProfileMarker'
[2023-12-14T05:08:06.628Z]
[2023-12-14T05:08:06.628Z]
[2023-12-14T05:08:06.628Z] Exit code 1
[2023-12-14T05:08:06.628Z] Stop (1 ms): Run in container: test -f '/var/devcontainer/.patchEtcProfileMarker'
[2023-12-14T05:08:06.629Z] Start: Run in container: test ! -f '/var/devcontainer/.patchEtcProfileMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcProfileMarker' ; } 2> /dev/null
[2023-12-14T05:08:06.632Z]
[2023-12-14T05:08:06.632Z]
[2023-12-14T05:08:06.632Z] Stop (3 ms): Run in container: test ! -f '/var/devcontainer/.patchEtcProfileMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcProfileMarker' ; } 2> /dev/null
[2023-12-14T05:08:06.633Z] Start: Run in container: sed -i -E 's/((^|\s)PATH=)([^\$]*)$/\1${PATH:-\3}/g' /etc/profile || true
[2023-12-14T05:08:06.636Z]
[2023-12-14T05:08:06.636Z]
[2023-12-14T05:08:06.636Z] Stop (3 ms): Run in container: sed -i -E 's/((^|\s)PATH=)([^\$]*)$/\1${PATH:-\3}/g' /etc/profile || true
[2023-12-14T05:08:06.637Z] userEnvProbe: loginInteractiveShell (default)
[2023-12-14T05:08:06.637Z] LifecycleCommandExecutionMap: {
    "onCreateCommand": [],
    "updateContentCommand": [],
    "postCreateCommand": [
        {
            "origin": "devcontainer.json",
            "command": "env ; getent passwd vscode"
        }
    ],
    "postStartCommand": [],
    "postAttachCommand": [],
    "initializeCommand": []
}
[2023-12-14T05:08:06.637Z] userEnvProbe: not found in cache
[2023-12-14T05:08:06.638Z] userEnvProbe shell: /bin/bash
[2023-12-14T05:08:06.639Z] Start: Run in container: /bin/bash -lic echo -n 99946161-8e7c-49e4-959e-a7c9b80e152e; cat /proc/self/environ; echo -n 99946161-8e7c-49e4-959e-a7c9b80e152e   
[2023-12-14T05:08:06.639Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.onCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:05.93221787Z}" != '2023-12-14T05:08:05.93221787Z' ] && echo '2023-12-14T05:08:05.93221787Z' > '/root/.devcontainer/.onCreateCommandMarker'
[2023-12-14T05:08:06.642Z]
[2023-12-14T05:08:06.642Z] mkdir: cannot create directory '/root': Permission denied        
[2023-12-14T05:08:06.643Z] Exit code 1
[2023-12-14T05:08:06.643Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.onCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:05.93221787Z}" != '2023-12-14T05:08:05.93221787Z' ] && echo '2023-12-14T05:08:05.93221787Z' > '/root/.devcontainer/.onCreateCommandMarker'
[2023-12-14T05:08:06.643Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.updateContentCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:05.93221787Z}" != '2023-12-14T05:08:05.93221787Z' ] && echo '2023-12-14T05:08:05.93221787Z' > '/root/.devcontainer/.updateContentCommandMarker'
[2023-12-14T05:08:06.646Z]
[2023-12-14T05:08:06.646Z] mkdir: cannot create directory '/root': Permission denied        
[2023-12-14T05:08:06.646Z] Exit code 1
[2023-12-14T05:08:06.646Z] Stop (3 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.updateContentCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:05.93221787Z}" != '2023-12-14T05:08:05.93221787Z' ] && echo '2023-12-14T05:08:05.93221787Z' > '/root/.devcontainer/.updateContentCommandMarker'     
[2023-12-14T05:08:06.646Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:05.93221787Z}" != '2023-12-14T05:08:05.93221787Z' ] && echo '2023-12-14T05:08:05.93221787Z' > '/root/.devcontainer/.postCreateCommandMarker'
[2023-12-14T05:08:06.650Z]
[2023-12-14T05:08:06.650Z] mkdir: cannot create directory '/root': Permission denied        
[2023-12-14T05:08:06.650Z] Exit code 1
[2023-12-14T05:08:06.650Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:05.93221787Z}" != '2023-12-14T05:08:05.93221787Z' ] && echo '2023-12-14T05:08:05.93221787Z' > '/root/.devcontainer/.postCreateCommandMarker'
[2023-12-14T05:08:06.651Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postStartCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:06.13861885Z}" != '2023-12-14T05:08:06.13861885Z' ] && echo '2023-12-14T05:08:06.13861885Z' > '/root/.devcontainer/.postStartCommandMarker'
[2023-12-14T05:08:06.654Z]
[2023-12-14T05:08:06.654Z] mkdir: cannot create directory '/root': Permission denied        
[2023-12-14T05:08:06.654Z] Exit code 1
[2023-12-14T05:08:06.655Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postStartCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:08:06.13861885Z}" != '2023-12-14T05:08:06.13861885Z' ] && echo '2023-12-14T05:08:06.13861885Z' > '/root/.devcontainer/.postStartCommandMarker'
[2023-12-14T05:08:06.655Z] Stop (6111 ms): Resolving Remote
{"outcome":"success","containerId":"89e90838d2919ba990d7bc1872f69b709f579e8f9f470c093d53e6e206406eae","remoteUser":"vscode","remoteWorkspaceFolder":"/workspaces/test1"}

However, setting remoteUser to root, as in this test2/.devcontainer/devcontainer.json:

{
        "name": "test2",
        "image": "mcr.microsoft.com/devcontainers/rust:bullseye",
        "postCreateCommand": "env ; getent passwd vscode",
        "remoteUser": "root"
}

allows the postCreateCommand to run:

[2023-12-14T05:13:49.571Z] Stop (530 ms): Starting container
[2023-12-14T05:13:49.572Z] Start: Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/chengyuwang/test2 --filter label=devcontainer.config_file=/home/chengyuwang/test2/.devcontainer/devcontainer.json
[2023-12-14T05:13:49.575Z] Stop (536 ms): Run: docker events --format {{json .}} --filter event=start
[2023-12-14T05:13:49.601Z] Stop (29 ms): Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/chengyuwang/test2 --filter label=devcontainer.config_file=/home/chengyuwang/test2/.devcontainer/devcontainer.json
[2023-12-14T05:13:49.601Z] Start: Run: docker inspect --type container 46ce35e53505
[2023-12-14T05:13:49.628Z] Stop (27 ms): Run: docker inspect --type container 46ce35e53505  
[2023-12-14T05:13:49.628Z] Start: Inspecting container
[2023-12-14T05:13:49.629Z] Start: Run: docker inspect --type container 46ce35e535056a9673f8a2a8067b0ac549ba43bbbd6ba94a70a281420730dd17
[2023-12-14T05:13:49.655Z] Stop (26 ms): Run: docker inspect --type container 46ce35e535056a9673f8a2a8067b0ac549ba43bbbd6ba94a70a281420730dd17
[2023-12-14T05:13:49.655Z] Stop (27 ms): Inspecting container
[2023-12-14T05:13:49.657Z] Start: Run in container: /bin/sh
[2023-12-14T05:13:49.660Z] Start: Run in container: uname -m
[2023-12-14T05:13:49.756Z] x86_64
[2023-12-14T05:13:49.756Z]
[2023-12-14T05:13:49.756Z] Stop (96 ms): Run in container: uname -m
[2023-12-14T05:13:49.756Z] Start: Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null
[2023-12-14T05:13:49.759Z] PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
[2023-12-14T05:13:49.759Z]
[2023-12-14T05:13:49.759Z] Stop (3 ms): Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null
[2023-12-14T05:13:49.760Z] Start: Run in container:  (command -v getent >/dev/null 2>&1 && getent passwd 'root' || grep -E '^root|^[^:]*:[^:]*:root:' /etc/passwd || true)
[2023-12-14T05:13:49.764Z] Stop (4 ms): Run in container:  (command -v getent >/dev/null 2>&1 && getent passwd 'root' || grep -E '^root|^[^:]*:[^:]*:root:' /etc/passwd || true)        
[2023-12-14T05:13:49.766Z] Start: Run in container: test -f '/var/devcontainer/.patchEtcEnvironmentMarker'
[2023-12-14T05:13:49.768Z]
[2023-12-14T05:13:49.768Z]
[2023-12-14T05:13:49.768Z] Exit code 1
[2023-12-14T05:13:49.768Z] Stop (2 ms): Run in container: test -f '/var/devcontainer/.patchEtcEnvironmentMarker'
[2023-12-14T05:13:49.769Z] Start: Run in container: test ! -f '/var/devcontainer/.patchEtcEnvironmentMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcEnvironmentMarker' ; } 2> /dev/null
[2023-12-14T05:13:49.773Z]
[2023-12-14T05:13:49.773Z]
[2023-12-14T05:13:49.773Z] Stop (4 ms): Run in container: test ! -f '/var/devcontainer/.patchEtcEnvironmentMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcEnvironmentMarker' ; } 2> /dev/null
[2023-12-14T05:13:49.773Z] Start: Run in container: cat >> /etc/environment <<'etcEnvrionmentEOF'
[2023-12-14T05:13:49.776Z]
[2023-12-14T05:13:49.776Z]
[2023-12-14T05:13:49.776Z] Stop (3 ms): Run in container: cat >> /etc/environment <<'etcEnvrionmentEOF'
[2023-12-14T05:13:49.776Z] Start: Run in container: test -f '/var/devcontainer/.patchEtcProfileMarker'
[2023-12-14T05:13:49.777Z]
[2023-12-14T05:13:49.777Z]
[2023-12-14T05:13:49.777Z] Exit code 1
[2023-12-14T05:13:49.777Z] Stop (1 ms): Run in container: test -f '/var/devcontainer/.patchEtcProfileMarker'
[2023-12-14T05:13:49.778Z] Start: Run in container: test ! -f '/var/devcontainer/.patchEtcProfileMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcProfileMarker' ; } 2> /dev/null
[2023-12-14T05:13:49.781Z]
[2023-12-14T05:13:49.781Z]
[2023-12-14T05:13:49.781Z] Stop (3 ms): Run in container: test ! -f '/var/devcontainer/.patchEtcProfileMarker' && set -o noclobber && mkdir -p '/var/devcontainer' && { > '/var/devcontainer/.patchEtcProfileMarker' ; } 2> /dev/null
[2023-12-14T05:13:49.781Z] Start: Run in container: sed -i -E 's/((^|\s)PATH=)([^\$]*)$/\1${PATH:-\3}/g' /etc/profile || true
[2023-12-14T05:13:49.784Z]
[2023-12-14T05:13:49.784Z]
[2023-12-14T05:13:49.784Z] Stop (3 ms): Run in container: sed -i -E 's/((^|\s)PATH=)([^\$]*)$/\1${PATH:-\3}/g' /etc/profile || true
[2023-12-14T05:13:49.785Z] userEnvProbe: loginInteractiveShell (default)
[2023-12-14T05:13:49.785Z] LifecycleCommandExecutionMap: {
    "onCreateCommand": [],
    "updateContentCommand": [],
    "postCreateCommand": [
        {
            "origin": "devcontainer.json",
            "command": "env ; getent passwd vscode"
        }
    ],
    "postStartCommand": [],
    "postAttachCommand": [],
    "initializeCommand": []
}
[2023-12-14T05:13:49.785Z] userEnvProbe: not found in cache
[2023-12-14T05:13:49.786Z] userEnvProbe shell: /bin/bash
[2023-12-14T05:13:49.786Z] Start: Run in container: /bin/bash -lic echo -n 28169a1e-2dfb-446c-ba33-b81841db83b7; cat /proc/self/environ; echo -n 28169a1e-2dfb-446c-ba33-b81841db83b7   
[2023-12-14T05:13:49.787Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.onCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.075711393Z}" != '2023-12-14T05:13:49.075711393Z' ] && echo '2023-12-14T05:13:49.075711393Z' > '/root/.devcontainer/.onCreateCommandMarker'
[2023-12-14T05:13:49.791Z]
[2023-12-14T05:13:49.791Z]
[2023-12-14T05:13:49.791Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.onCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.075711393Z}" != '2023-12-14T05:13:49.075711393Z' ] && echo '2023-12-14T05:13:49.075711393Z' > '/root/.devcontainer/.onCreateCommandMarker'
[2023-12-14T05:13:49.792Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.updateContentCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.075711393Z}" != '2023-12-14T05:13:49.075711393Z' ] && echo '2023-12-14T05:13:49.075711393Z' > '/root/.devcontainer/.updateContentCommandMarker'        
[2023-12-14T05:13:49.796Z]
[2023-12-14T05:13:49.796Z]
[2023-12-14T05:13:49.796Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.updateContentCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.075711393Z}" != '2023-12-14T05:13:49.075711393Z' ] && echo '2023-12-14T05:13:49.075711393Z' > '/root/.devcontainer/.updateContentCommandMarker'  
[2023-12-14T05:13:49.796Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.075711393Z}" != '2023-12-14T05:13:49.075711393Z' ] && echo '2023-12-14T05:13:49.075711393Z' > '/root/.devcontainer/.postCreateCommandMarker'
[2023-12-14T05:13:49.800Z]
[2023-12-14T05:13:49.800Z]
[2023-12-14T05:13:49.800Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.075711393Z}" != '2023-12-14T05:13:49.075711393Z' ] && echo '2023-12-14T05:13:49.075711393Z' > '/root/.devcontainer/.postCreateCommandMarker'        
[2023-12-14T05:13:49.801Z] Running the postCreateCommand from devcontainer.json...

[2023-12-14T05:13:49.912Z] Stop (126 ms): Run in container: /bin/bash -lic echo -n 28169a1e-2dfb-446c-ba33-b81841db83b7; cat /proc/self/environ; echo -n 28169a1e-2dfb-446c-ba33-b81841db83b7
[2023-12-14T05:13:49.912Z] 28169a1e-2dfb-446c-ba33-b81841db83b7PWD=/container=podmanHOME=/rootCARGO_HOME=/usr/local/cargoRUSTUP_HOME=/usr/local/rustupUSER=rootSHLVL=1PROMPT_DIRTRIM=4RUST_VERSION=1.74.1PATH=/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin_=/bin/cat28169a1e-2dfb-446c-ba33-b81841db83b7
[2023-12-14T05:13:49.912Z] bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell

[2023-12-14T05:13:49.913Z] userEnvProbe parsed: {
  "PWD": "/",
  "container": "podman",
  "HOME": "/root",
  "CARGO_HOME": "/usr/local/cargo",
  "RUSTUP_HOME": "/usr/local/rustup",
  "USER": "root",
  "SHLVL": "1",
  "PROMPT_DIRTRIM": "4",
  "RUST_VERSION": "1.74.1",
  "PATH": "/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin",
  "_": "/bin/cat"
}
[2023-12-14T05:13:49.913Z] userEnvProbe PATHs:
Probe:     '/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin'
Container: '/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
[2023-12-14T05:13:49.914Z] Start: Run in container: /bin/sh -c env ; getent passwd vscode   
[2023-12-14T05:13:49.984Z] USER=root
SHLVL=1
HOME=/root
container=podman
_=/bin/cat
PROMPT_DIRTRIM=4
RUSTUP_HOME=/usr/local/rustup
PATH=/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin
RUST_VERSION=1.74.1
PWD=/workspaces/test2
CARGO_HOME=/usr/local/cargo
[2023-12-14T05:13:49.986Z] vscode:x:1000:1000::/home/vscode:/bin/bash
[2023-12-14T05:13:50.047Z] Stop (133 ms): Run in container: /bin/sh -c env ; getent passwd vscode
[2023-12-14T05:13:50.049Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postStartCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.295267886Z}" != '2023-12-14T05:13:49.295267886Z' ] && echo '2023-12-14T05:13:49.295267886Z' > '/root/.devcontainer/.postStartCommandMarker'
[2023-12-14T05:13:50.058Z] 
[2023-12-14T05:13:50.058Z]
[2023-12-14T05:13:50.059Z] Stop (10 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postStartCommandMarker' 2>/dev/null || echo ENOENT)" && [ "${CONTENT:-2023-12-14T05:13:49.295267886Z}" != '2023-12-14T05:13:49.295267886Z' ] && echo '2023-12-14T05:13:49.295267886Z' > '/root/.devcontainer/.postStartCommandMarker'
[2023-12-14T05:13:50.059Z] Stop (1528 ms): Resolving Remote
{"outcome":"success","containerId":"46ce35e535056a9673f8a2a8067b0ac549ba43bbbd6ba94a70a281420730dd17","remoteUser":"root","remoteWorkspaceFolder":"/workspaces/test2"}

Expected

bamurtaugh commented 8 months ago

Thanks for taking the time to share this. @joshspicer I'd love to get your thoughts!

joshspicer commented 8 months ago

Thanks for the report!

I am not able to reproduce in Codespaces (copied your repro to here if you'd like to try), or locally with the latest version of the CLI on my Mac (using Docker desktop as the engine).

One thing that stands out to me is that you appear to be using podman as the container runtime. I suspect that's what's causing this behavior.

Could you please share more specific details about the container runtime and your local environment?

Codespaces

...
...
2024-01-26 01:00:56.019Z: @devcontainers/cli 0.54.2. Node.js v18.19.0. linux 6.2.0-1018-azure x64.
2024-01-26 01:00:56.449Z: Running the postCreateCommand from devcontainer.json...

2024-01-26 01:00:56.449Z: env ; getent passwd vscode
2024-01-26 01:00:56.677Z: GITHUB_TOKEN=********
GITHUB_CODESPACE_TOKEN=********
USER=vscode
HOSTNAME=codespaces-bb5a32
SHLVL=1
GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN=********
HOME=/home/vscode
OLDPWD=/
CODESPACES=********
...
...
GITHUB_REPOSITORY=********
RUST_VERSION=1.75.0
INTERNAL_VSCS_TARGET_URL=********
PWD=/workspaces/lifecycle-hook-nonroot

CODESPACE_NAME=********
2024-01-26 01:00:56.677Z: vscode:x:1000:1000::/home/vscode:/bin/bash

macOS

[/tmp/lifecycle-hook-nonroot]$ devcontainer up --workspace-folder .                                                                                     [main]
[1 ms] @devcontainers/cli 0.56.1. Node.js v21.5.0. darwin 23.2.0 arm64.
bullseye: Pulling from devcontainers/rust
396a672fee8b: Pull complete
010797996cc8: Pull complete
70092c2a6b38: Pull complete
0cc4a505c38c: Pull complete
2b84a6755876: Pull complete
b2b660dea17e: Pull complete
e3d4c4bd8edf: Pull complete
d9001fc11894: Pull complete
121c45753b1c: Pull complete
f9309211e334: Pull complete
856b37b17c05: Pull complete
81f80730bc41: Pull complete
ac7f7e78f95e: Pull complete
Digest: sha256:a0435af438f3a2db733ce96ed7e10482f39aa76a4b8b83d09c5e69a13e7c684d
Status: Downloaded newer image for mcr.microsoft.com/devcontainers/rust:bullseye
mcr.microsoft.com/devcontainers/rust:bullseye
[58329 ms] Start: Run: docker run --sig-proxy=false -a STDOUT -a STDERR --mount type=bind,source=/private/tmp/lifecycle-hook-nonroot,target=/workspaces/lifecycle-hook-nonroot,consistency=cached -l devcontainer.local_folder=/private/tmp/lifecycle-hook-nonroot -l devcontainer.config_file=/private/tmp/lifecycle-hook-nonroot/.devcontainer/devcontainer.json --cap-add SYS_PTRACE --security-opt seccomp=unconfined --entrypoint /bin/sh -l devcontainer.metadata=[{"id":"ghcr.io/devcontainers/features/common-utils:2"},{"id":"ghcr.io/devcontainers/features/git:1"},{"id":"ghcr.io/devcontainers/features/rust:1","capAdd":["SYS_PTRACE"],"securityOpt":["seccomp=unconfined"],"customizations":{"vscode":{"extensions":["vadimcn.vscode-lldb","rust-lang.rust-analyzer","tamasfe.even-better-toml","serayuzgur.crates"],"settings":{"files.watcherExclude":{"**/target/**":true}}}}},{"remoteUser":"vscode"},{"postCreateCommand":"env ; getent passwd vscode"}] mcr.microsoft.com/devcontainers/rust:bullseye -c echo Container started
Container started
Running the postCreateCommand from devcontainer.json...

USER=vscode
HOSTNAME=671ae88f75a3
SHLVL=1
HOME=/home/vscode
_=/bin/cat
PROMPT_DIRTRIM=4
TERM=xterm
RUSTUP_HOME=/usr/local/rustup
PATH=/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/vscode/.local/bin
LS_COLORS=
RUST_VERSION=1.75.0
PWD=/workspaces/lifecycle-hook-nonroot
CARGO_HOME=/usr/local/cargo
vscode:x:1000:1000::/home/vscode:/bin/bash
{"outcome":"success","containerId":"671ae88f75a329252b7a16b3c6ae1d6234005a176a2ca2f9fea1bb01e085f8df","remoteUser":"vscode","remoteWorkspaceFolder":"/workspaces/lifecycle-hook-nonroot"}
[/tmp/lifecycle-hook-nonroot]$

scottcwang commented 8 months ago

Thanks @joshspicer. Indeed, I am using the podman container engine on Fedora 39. Wow, I'm not sure how I forgot to mention that crucial detail. Sorry about that.

In my setup, I have the docker socket symlinked to my user's rootless podman socket, so that the docker CLI connects to the rootless podman engine:

sudo ln --force --symbolic /run/user/$(id --user)/podman/podman.sock /var/run/docker.sock
devcontainer up --workspace-folder test1 --log-level verbose

Now, if I do podman exec --latest whoami, I get root, and podman exec --latest mkdir -p /root/.devcontainer succeeds (and podman exec --latest ls /root shows the directory correctly). But if I instead do podman exec --user vscode --latest mkdir -p /root/.devcontainer, I get mkdir: cannot create directory '/root': Permission denied, which is the same error message as reported above in the devcontainer debug logs. So it seems as though devcontainer is trying to run mkdir -p /root/.devcontainer as the remoteUser user, whereas it should be running it as root. I'm not sure why docker doesn't have this problem.

This issue also occurs when running podman as root:

sudo systemctl enable --now podman.socket
sudo ln --force --symbolic /run/podman/podman.sock /var/run/docker.sock
sudo devcontainer up --workspace-folder test1 --log-level verbose

viktorianer commented 2 weeks ago

To address the issue in the Podman environment where the postCreateCommand is not executed, you can use the following workaround:

Workaround:

Preferred Solution: Add "containerUser": "vscode" to the .devcontainer/devcontainer.json file. This ensures that all commands are run as the vscode user, preventing permission issues that occur when commands attempt to run as root.

Alternative Solution: Add user: "vscode" to the service definition in .devcontainer/compose.yaml, which is defined as the execution service in the "service" field of the .devcontainer/devcontainer.json. This also forces the container to use the vscode user.

This resolves the permission issues with Podman where the container might incorrectly attempt to run commands as root, causing failures with postCreateCommand.

Related to https://github.com/microsoft/vscode-remote-release/issues/6206?
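
A log check for the failure mode in this thread, as an added example (not code from the devcontainers project or from any commenter): assuming the verbose log format shown in the report, it flags lifecycle hooks that are configured but never ran because their marker check wrote to stderr, even though the final outcome is success. The sample logs are constructed, abbreviated from the two runs above, and the function names are hypothetical.

```python
import json
import re

# Constructed sample, abbreviated from the failing remoteUser=vscode run above.
FAILING_LOG = r"""
[2023-12-14T05:08:06.637Z] LifecycleCommandExecutionMap: {
    "onCreateCommand": [],
    "postCreateCommand": [
        {
            "origin": "devcontainer.json",
            "command": "env ; getent passwd vscode"
        }
    ],
    "postStartCommand": []
}
[2023-12-14T05:08:06.646Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)"
[2023-12-14T05:08:06.650Z]
[2023-12-14T05:08:06.650Z] mkdir: cannot create directory '/root': Permission denied
[2023-12-14T05:08:06.650Z] Exit code 1
[2023-12-14T05:08:06.650Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)"
{"outcome":"success","containerId":"89e90838d291","remoteUser":"vscode","remoteWorkspaceFolder":"/workspaces/test1"}
"""

# Constructed sample, abbreviated from the working remoteUser=root run above.
PASSING_LOG = r"""
[2023-12-14T05:13:49.785Z] LifecycleCommandExecutionMap: {
    "postCreateCommand": [
        {"origin": "devcontainer.json", "command": "env ; getent passwd vscode"}
    ]
}
[2023-12-14T05:13:49.796Z] Start: Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)"
[2023-12-14T05:13:49.800Z]
[2023-12-14T05:13:49.800Z] Stop (4 ms): Run in container: mkdir -p '/root/.devcontainer' && CONTENT="$(cat '/root/.devcontainer/.postCreateCommandMarker' 2>/dev/null || echo ENOENT)"
[2023-12-14T05:13:49.801Z] Running the postCreateCommand from devcontainer.json...
{"outcome":"success","containerId":"46ce35e53505","remoteUser":"root","remoteWorkspaceFolder":"/workspaces/test2"}
"""

TIMESTAMP = re.compile(r"^\[\d{4}-\d\d-\d\dT[\d:.]+Z\] ?")
MARKER = re.compile(r"/\.(\w+Command)Marker'")        # e.g. .postCreateCommandMarker
RAN = re.compile(r"Running the (\w+Command) from ")


def configured_hooks(lines):
    """Hooks that have at least one command in LifecycleCommandExecutionMap."""
    for i, line in enumerate(lines):
        if "LifecycleCommandExecutionMap:" in line:
            head = line.split("LifecycleCommandExecutionMap:", 1)[1]
            blob = (head + "\n" + "\n".join(lines[i + 1:])).lstrip()
            # raw_decode stops at the end of the JSON object and ignores the rest.
            obj, _ = json.JSONDecoder().raw_decode(blob)
            return [hook for hook, commands in obj.items() if commands]
    return []


def marker_errors(lines):
    """Map hook -> text printed between Start and Stop of its marker check.

    "Exit code 1" alone is not a failure signal: the marker check also exits 1
    when the marker is already current, so only other output is collected.
    """
    errors, current = {}, None
    for raw in lines:
        line = TIMESTAMP.sub("", raw).strip()
        if line.startswith("Start: Run in container:"):
            match = MARKER.search(line)
            current = match.group(1) if match else None
        elif line.startswith("Stop ("):
            current = None
        elif current and line and not line.startswith("Exit code"):
            errors.setdefault(current, []).append(line)
    return errors


def silent_skips(log_text):
    """Hooks that were configured, never ran, and whose marker check errored."""
    lines = log_text.splitlines()
    ran = {m.group(1) for l in lines if (m := RAN.search(l))}
    errors = marker_errors(lines)
    outcome = next((json.loads(l).get("outcome") for l in reversed(lines)
                    if l.startswith('{"outcome"')), None)
    return [{"hook": hook, "outcome": outcome, "stderr": errors[hook]}
            for hook in configured_hooks(lines)
            if hook not in ran and hook in errors]


if __name__ == "__main__":
    for finding in silent_skips(FAILING_LOG):
        print(finding)
```

Run it over the output of devcontainer up --log-level verbose in CI and fail the job on any finding, since the CLI's own exit status reports success in this case.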