grzegorzk/vscode_in_podman

Run VSCode in unprivileged podman container

  • root account not involved

Why

  • Improve host system isolation when running such a complex system
  • Make it easy to turn off access to the host network for this particular program

Run

If you have podman:

make build
make run

If you prefer docker:

make build DOCKER=docker
make run DOCKER=docker

The X11 session and PulseAudio are forwarded into the container, which is why only Linux distributions are currently supported.

Expose source code to the container

Adjust HOST_PATH_TO_PROJECT and CONTAINER_PATH_TO_MOUNT_PROJECT in .makerc

Extensions

Download extensions from any extensions marketplace and drop them into docker_files/extensions. They will be installed the next time you issue make run.

Settings

VSCode settings on Arch Linux can be found under ~/.config/Code/User/settings.json

The example below shows how settings can be added:

    "telemetry.telemetryLevel": "off",
    "remote.SSH.defaultExtensions": [
        "ms-python.python"
    ],

Example .vscode/launch.json

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "<your launch config name>",
            "type": "python",
            "request": "launch",
            "program": "/path/to/your/program.py",
            "args": [
                "--option-name", "value-1",
                "--another-option-name", "value-2"
            ],
            "env": {
                "IMPORTANT_ENV": "value-3"
            },
            "python": "/path/to/venv/bin/python3.8",
            "justMyCode": false
        }
    ]
}

Run without network

If you do not want the network to be available from within the container, set NO_NETWORK=yes when running:

make run NO_NETWORK=yes

Downgrading

If you need to run a downgraded version, look up the relevant commit on the AUR page of the visual-studio-code-bin package:

make build VSCODE_PKGBUILD_VERSION=<your PKGBUILD hash>
make run

Example:

  • If you happen to work remotely with code hosted on Ubuntu 18.03 and want to build VSCode downgraded to version 1.85.2, build the image as shown below:
make build VSCODE_PKGBUILD_VERSION=902d1f5c27a958c47afd4d18a084478c03bdcb25

Run with nvidia GPU

If you require access to an nvidia GPU, build and run using WITH_NVIDIA_GPU=yes:

make build WITH_NVIDIA_GPU=yes
make run WITH_NVIDIA_GPU=yes

You might have to run nvidia-ctk

Old nvidia GPUs are currently not supported

Troubleshooting

  • If you are using podman and run into weird issues while running this container, check whether your /etc/containers/seccomp.json has diverged from https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json. To check whether seccomp.json might be the issue, add --security-opt seccomp=unconfined to the podman run options. It is also possible to use a downloaded seccomp.json by adding the following to the podman run options: --security-opt seccomp=/path/to/the/seccomp.json
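
One way to see how a local profile has diverged without turning seccomp off, as an added example that is not part of this repository: the script below compares the allow-lists of two seccomp profiles. The command-line file paths and the sample profiles are assumptions; the script reads only the `defaultAction`, `syscalls`, `names`/`name` and `action` fields and ignores argument filters and capability conditions.

```python
import json
import sys

def allowed_syscalls(profile):
    """Syscall names in any SCMP_ACT_ALLOW rule (conditional rules included)."""
    names = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW":
            continue
        names.update(rule.get("names", []))
        if "name" in rule:  # legacy form: one syscall per rule
            names.add(rule["name"])
    return names

def compare_profiles(local, reference):
    """Report how a local seccomp profile differs from a reference one."""
    local_ok, ref_ok = allowed_syscalls(local), allowed_syscalls(reference)
    return {
        "default_action": (local.get("defaultAction"), reference.get("defaultAction")),
        # Allowed by the reference only: locally these fall through to defaultAction.
        "missing_locally": sorted(ref_ok - local_ok),
        # Allowed locally only: the local profile is more permissive here.
        "extra_locally": sorted(local_ok - ref_ok),
    }

# Constructed sample profiles (not real profile contents), trimmed to a few syscalls.
SAMPLE_REFERENCE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "clone3", "faccessat2"], "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace"], "action": "SCMP_ACT_ERRNO"},
    ],
}
SAMPLE_LOCAL = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"},
        {"name": "ptrace", "action": "SCMP_ACT_ALLOW"},
    ],
}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py LOCAL.json REFERENCE.json
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            report = compare_profiles(json.load(a), json.load(b))
    else:
        report = compare_profiles(SAMPLE_LOCAL, SAMPLE_REFERENCE)
    print(json.dumps(report, indent=2))
```

A non-empty `missing_locally` list points at syscalls the local profile may be denying; a non-empty `extra_locally` list shows where the local profile is looser than the reference.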

Thanks

People building Code

People maintaining ArchLinux:

Great teams building products I love:

Good souls who like to help others:

Many other giants
