Regression: Feature entrypoints run as remoteUser

[Chuxel]

From microsoft/vscode-dev-containers#1517. It appears that feature entrypoints are run as remoteUser instead of the containerUser as expected. In the repro below, commenting out remoteUser causes things to function - the only reason sudo would get tripped is if the script is not being run as root.

//cc @joshspicer @edgonmsft @jkeech @chrmarti @bamurtaugh @harrywithers

---

• VSCode Version: 1.68.1
• Local OS Version: macOS Monterey 12.3.1
• Local chip architecture: Intel Core i7
• Reproduces in: Remote - Containers
• Name of Dev Container Definition with Issue: docker-in-docker

Steps to Reproduce:

1. Create a devcontainer file and docker file with the following configuration

{
    "name": "name",
    "build": {
        "dockerfile": "./Dockerfile"
    },
    "remoteUser": "node",
    "features": {
        "docker-in-docker": "latest",
    }
}

FROM node:16.14.0

2. Reopen in dev container
3. Run docker ps in the dev container

Result:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

But expected docker to be up and running in the container.

Docker container log:

Container started
/usr/local/share/docker-init.sh: 65: /usr/local/share/docker-init.sh: sudo: not found

Docker version output in dev container:

Client:
 Version:           20.10.17+azure-1
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c70180fde3601def79a59cc3e996aa553c9b9
 Built:             Mon Jun  6 21:36:39 UTC 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Docker version output locally

Client:
 Cloud integration: v1.0.25
 Version:           20.10.16
 API version:       1.41
 Go version:        go1.17.10
 Git commit:        aa7e414
 Built:             Thu May 12 09:20:34 2022
 OS/Arch:           darwin/amd64
 Context:           default
 Experimental:      true

Server: Docker Desktop 4.9.1 (81317)
 Engine:
  Version:          20.10.16
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.10
  Git commit:       f756502
  Built:            Thu May 12 09:15:42 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.4
  GitCommit:        212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
 runc:
  Version:          1.1.1
  GitCommit:        v1.1.1-0-g52de29d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Example repository:
https://github.com/harrywithers/broken-dind

Seemed to be working fine a week or so ago, I've got a few projects using this setup and all of them now fail to start docker.

Anyone know how to fix this? Thanks in advance!

[chrmarti]

Fixed in Remote-Containers 0.241.2-pre-release and Dev Containers CLI 0.7.1. The fix doesn't cover all cases as it is difficult to get at the user before we switch to root for the features install. Continuing in #78.