Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runArgs in Dev Containers image isn't shared to .devcontainers.json workspace #857

Open
QuentinLeloire opened this issue Jul 11, 2024 · 4 comments
Open

runArgs in Dev Containers image isn't shared to .devcontainers.json workspace #857

QuentinLeloire opened this issue Jul 11, 2024 · 4 comments
Labels
feature-request New feature or request

Comments

@QuentinLeloire
Copy link

QuentinLeloire commented Jul 11, 2024
edited
Loading

Hi, I tried to use runArgs in Dev Containers custom image but this field isn't shared to .devcontainers.json workspace

  • Logs :
  1. when runArgs is set in Dev Containers custom image :
$ docker inspect f | grep PidMode
            "PidMode": "",    # pid isn't set to host
$ docker inspect f | grep NetworkMode
            "NetworkMode": "bridge",    # network isn't set to host
  1. when runArgs is set in Dev Containers workspace that use the custom image :
$ docker inspect f | grep PidMode
            "PidMode": "host",    # pid is set to host

$ docker inspect f | grep NetworkMode
            "NetworkMode": "host",    # network is set to host

Steps to Reproduce :

  1. when runArgs is set in Dev Containers custom image :
// custom image configuration
{
	"name": "Custom image",
	"build": {
		"dockerfile": "Dockerfile",
		"args": {
			"devcontainercli": "true"
		}
	},
	"runArgs": [
		"--network=host",
		"--pid=host"
	],
	"capAdd": ["ALL"],
	"securityOpt": ["seccomp=unconfined"],
	"privileged": true,
        [...]
}

// devcontainer.json workspace configuration
{
	"name": "Dev Containers demo",
	"image": "registry.example.com/example/custom-image:version",
	[...]
}
  1. when runArgs is set in Dev Containers workspace that use the custom image :
// custom image configuration
{
	"name": "Custom image",
	"build": {
		"dockerfile": "Dockerfile",
		"args": {
			"devcontainercli": "true"
		}
	},
	"capAdd": ["ALL"],
	"securityOpt": ["seccomp=unconfined"],
	"privileged": true,
        [...]
}

// devcontainer.json workspace configuration
{
	"name": "Dev Containers demo",
	"image": "registry.example.com/example/custom-image:version",
	"runArgs": [
		"--network=host",
		"--pid=host"
	],
	[...]
}

Thank you !
@AvishayHirsh
Copy link

runArgs is not a field that can be inherited from base image , Take a look at the spec merge-logic :
https://containers.dev/implementors/spec/#merge-logic

so you'll have to put runArgs in the devcontainer.json even though you use base prebuilt image.

@QuentinLeloire
Copy link
Author

Oh okay, is it possible to claim support for network and pid flags like capAdd, privileged and securityOpt does ?

With an implementation like this for example :

{
	"name": "Custom image",
	"build": {
		"dockerfile": "Dockerfile",
		"args": {
			"devcontainercli": "true"
		}
	},
	"capAdd": ["ALL"],
	"securityOpt": ["seccomp=unconfined"],
	"privileged": true,
        "network": "host",
        "pid": "host",
        [...]
}

I think that should be interesting to handle it and can prevent code duplication

@AvishayHirsh
Copy link

Sounds like legit request .... i think you can put it in https://github.com/devcontainers/spec/discussions/categories/ideas

@samruddhikhandale samruddhikhandale added the feature-request New feature or request label Jul 17, 2024
@QuentinLeloire
Copy link
Author

devcontainers/spec#539

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@QuentinLeloire @samruddhikhandale @AvishayHirsh