microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote

Docker Path Setting in Dev Containers: not carried through entire process #10487

Open ajberlier opened 6 days ago

ajberlier commented 6 days ago

The Docker Path setting for the Dev Containers extension is used for running the container, connects to the container, but crashes when `Port forwarding 61136 > 40551 > 40551 stderr: Sorry, <user> is not allowed to execute/usr/bin/docker exec -i -u root -e VSCODE_REMOTE_CONTAINERS_SESSION...`

`/usr/bin/docker exec` needs to be the path to the custom docker executable that I set in the Dev Containers Docker Path setting. How come the configuration is used in every step prior, but not at this Port forwarding step?

Steps to Reproduce:

  1. Change the docker command to a custom executable on the RHEL Server
  2. On Windows host launch VSCode
  3. From VSCode remote connect to RHEL server
  4. Inside that remote RHEL server session, add the path to the custom docker command executable to the Dev Containers settings Docker Path
  5. Inside that remote RHEL server session, Reopen Container from devcontainer.json

Does this issue occur when you try this locally?: Yes

Does this issue occur when you try this locally and all extensions are disabled?: Yes

chrmarti commented 4 days ago

Not sure, that should all use the same executable. Is the "Sorry, user ... is not allowed" message coming from sudo? That seems to use the same wording.

ajberlier commented 4 days ago

It is not using the same executable according to the logs. The issue is that we are not given sudo permissions or being added to the docker group on this machine for security purposes. There is a whitelisted executable for docker that we can use however. This works for everything, except dev containers at that one step in the log. Everywhere else it is calling the whitelisted executable that was added to the Docker Path setting, but at that step it is trying to call /usr/bin/docker. Any ideas how this could be addressed? I am happy to help hunt down the issue, address the bug, and make a MR if I can sort it out and I would appreciate any support you could provide. Thank you!

chrmarti commented 4 days ago

My guess is that the error in the logs is from sudo denying the wrapper executable to run /usr/bin/docker.

You could check that by using a shell script as your Docker Path setting that logs each run in a file before calling the original wrapper executable.
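
A logging shim of the kind suggested in the last comment, as an added example that is not code from the thread's participants or from the Dev Containers extension. `REAL_DOCKER` (a placeholder path), `DOCKER_PATH_LOG` and the default log location are assumptions; save the script, make it executable, and point the Docker Path setting at it.

```shell
#!/bin/sh
# Added diagnostic example; not part of the Dev Containers extension.
# ASSUMPTION: REAL_DOCKER is a placeholder; point it at the allowed wrapper executable.
REAL_DOCKER="${REAL_DOCKER:-/path/to/allowed-docker-wrapper}"
LOG_FILE="${DOCKER_PATH_LOG:-$HOME/docker-path-calls.log}"

# Quote every argument so values containing spaces stay distinguishable in the log.
format_args() {
    out=""
    for arg in "$@"; do
        out="$out '$arg'"
    done
    printf '%s' "${out# }"
}

# Append one timestamped record. The umask is set in a subshell so the log is
# created private (-e VAR=value arguments can carry secrets) without changing
# the umask the real wrapper inherits.
log_line() {
    ( umask 077
      printf '%s pid=%s uid=%s %s\n' \
          "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$$" "$(id -u)" "$1" >> "$LOG_FILE" )
}

# Record the call, run the real wrapper with stdin/stdout/stderr untouched
# (docker exec -i depends on that), then record its exit status.
log_and_run() {
    log_line "CALL $(format_args "$@")"
    exit_code=0
    "$REAL_DOCKER" "$@" || exit_code=$?
    log_line "EXIT $exit_code"
    return "$exit_code"
}

# Act only when invoked with arguments, which is how a docker executable is called.
if [ "$#" -gt 0 ]; then
    log_and_run "$@"
    exit $?
fi
```

If the failing `exec -i -u root` call shows up in the log followed by a non-zero `EXIT`, the call went through the Docker Path setting and the denial happened inside the wrapper. If it never appears in the log, that call did not go through the setting.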