microsoft / vscode-dev-containers

NOTE: Most of the contents of this repository have been migrated to the new devcontainers GitHub org (https://github.com/devcontainers). See https://github.com/devcontainers/template-starter and https://github.com/devcontainers/feature-starter for information on creating your own!
https://aka.ms/vscode-remote
MIT License

Unable to mount on devcontainer mcr.microsoft.com/vscode/devcontainers/base:0-jammy #1538

Closed kingces95 closed 2 years ago

kingces95 commented 2 years ago

I expect

$ mkdir foo bar 
$ sudo mount --bind ./foo/ ./bar/

to work in a codespace launched for this repo using a devcontainer with image

mcr.microsoft.com/vscode/devcontainers/base:0-jammy

just like it works on this branch, which uses the default universal codespace image.

Actually, I get

$ mkdir foo bar && sudo mount --bind ./foo/ ./bar/
mount: /workspaces/codespace-container/bar: permission denied.

Using strace on the failing command yields:

$ strace sudo mount --bind ./foo/ ./bar/

Effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

When I try to login as root and run without sudo I get the same error. When I run again under strace I get a different log that I captured here. That second log doesn't contain anything I can make sense of. It seems to be looking for a resource string that it cannot find. Maybe that's why there's no specific error message?

The ability to mount enables use of chroot in codespaces.

Issue is somewhat related to "Use suid so the container does not need to be started as root or have sudo configured" (microsoft/vscode-dev-containers#488). That issue seems to indicate sudo may not be properly configured depending on how the container is launched. If that were the only issue here then running as root would have worked. CC @felipers

kingces95 commented 2 years ago

Needed to add

"runArgs": [
    "--cap-add=SYS_PTRACE",
    "--security-opt",
    "seccomp=unconfined",
    "--privileged",
    "--init"
],

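
The runArgs above make the bind mount work by handing the container the full capability set (`--privileged` also drops the default seccomp and AppArmor confinement), which is far more than mount(2) itself asks for: it checks CAP_SYS_ADMIN, bit 21 of the kernel's capability masks. As an added example, not from the issue or the project, a POSIX shell check that decodes the CapBnd mask from /proc/self/status, so a devcontainer user can see which set they actually ended up with; the two sample masks are constructed for the example and shaped like the values Docker prints.

```shell
#!/bin/sh
# Decode the Linux capability bounding set of the current process and report
# whether it carries CAP_SYS_ADMIN (what mount(2) checks) and whether it is a
# full set of the form 2^N-1 (every capability up to the highest), which is
# what --privileged produces. Pure POSIX sh, no capsh or awk required.

CAP_SYS_ADMIN_BIT=21   # bit index of CAP_SYS_ADMIN in CapBnd/CapEff masks

# cap_has MASK BIT: succeed if bit BIT is set in hex MASK (16 hex digits, as in /proc).
cap_has() {
  [ $(( 0x$1 & (1 << $2) )) -ne 0 ]
}

# cap_count MASK: number of capabilities set in hex MASK.
cap_count() {
  _m=$(( 0x$1 )); _n=0
  while [ "$_m" -ne 0 ]; do
    _n=$(( _n + (_m & 1) )); _m=$(( _m >> 1 ))
  done
  echo "$_n"
}

# cap_full MASK: succeed if MASK is non-zero and of the form 2^N-1 (no gaps),
# i.e. every capability from 0 up to the highest one is present.
cap_full() {
  _m=$(( 0x$1 ))
  [ "$_m" -ne 0 ] && [ $(( _m & (_m + 1) )) -eq 0 ]
}

# cap_bnd_mask: hex CapBnd mask of this shell from /proc/self/status (0 if unavailable).
cap_bnd_mask() {
  [ -r /proc/self/status ] || { echo 0; return 0; }
  while read -r key val; do
    [ "$key" = "CapBnd:" ] && { echo "$val"; return 0; }
  done < /proc/self/status
  echo 0
}

# cap_report MASK: one-line verdict, e.g. "CAP_SYS_ADMIN=yes caps=41 full_set=yes".
cap_report() {
  if cap_has "$1" "$CAP_SYS_ADMIN_BIT"; then _a=yes; else _a=no; fi
  if cap_full "$1"; then _f=yes; else _f=no; fi
  echo "CAP_SYS_ADMIN=$_a caps=$(cap_count "$1") full_set=$_f"
}

SAMPLE_DEFAULT=00000000a80425fb     # constructed: shape of an unprivileged container's set
SAMPLE_PRIVILEGED=000001ffffffffff  # constructed: shape of a --privileged set (41 caps)
echo "sample default:    $(cap_report "$SAMPLE_DEFAULT")"
echo "sample privileged: $(cap_report "$SAMPLE_PRIVILEGED")"
echo "this shell:        $(cap_report "$(cap_bnd_mask)")"
```

Run it inside the container before and after changing runArgs: a bind mount that fails with CAP_SYS_ADMIN=no and then works with full_set=yes shows the fix relied on the whole privileged set, not on the one capability it needed.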
kingces95 commented 2 years ago

I'm gonna suggest we offer a slimmed down version of the universal template.