Terraform:1 - Permission denied on /tmp when using universal image

[Yokutto]

Hi,

When using the terraform feature with universal image, the step 6/9 in build stage throws with this error:

Relevant logs

[2025-09-18T18:30:27.852Z] [2/2] STEP 6/9: RUN --mount=type=bind,from=dev_containers_feature_content_source,source=terraform_0,target=/tmp/build-features-src/terraform_0     cp -ar /tmp/build-features-src/terraform_0 /tmp/dev-container-features  && chmod -R 0755 /tmp/dev-container-features/terraform_0  && cd /tmp/dev-container-features/terraform_0  && chmod +x ./devcontainer-features-install.sh  && ./devcontainer-features-install.sh  && rm -rf /tmp/dev-container-features/terraform_0
[2025-09-18T18:30:28.071Z] cp: cannot stat '/tmp/build-features-src/terraform_0/NOTES.md': Permission denied
cp: cannot stat '/tmp/build-features-src/terraform_0/README.md': Permission denied
cp: cannot stat '/tmp/build-features-src/terraform_0/devcontainer-feature.json': Permission denied
cp: cannot stat '/tmp/build-features-src/terraform_0/devcontainer-features-install.sh': Permission denied
cp: cannot stat '/tmp/build-features-src/terraform_0/devcontainer-features.env': Permission denied
cp: cannot stat '/tmp/build-features-src/terraform_0/install.sh': Permission denied
[2025-09-18T18:30:28.113Z] Error: building at STEP "RUN --mount=type=bind,from=dev_containers_feature_content_source,source=terraform_0,target=/tmp/build-features-src/terraform_0 cp -ar /tmp/build-features-src/terraform_0 /tmp/dev-container-features  && chmod -R 0755 /tmp/dev-container-features/terraform_0  && cd /tmp/dev-container-features/terraform_0  && chmod +x ./devcontainer-features-install.sh  && ./devcontainer-features-install.sh  && rm -rf /tmp/dev-container-features/terraform_0": while running runtime: exit status 1

[2025-09-18T18:30:28.115Z] Stop (3976 ms): Run: /app/tools/podman/bin/podman-remote buildx build --load --build-context dev_containers_feature_content_source=/tmp/devcontainercli-[REDACTED_USER]/container-features/0.80.1-1758220223276 --no-cache --build-arg _DEV_CONTAINERS_BASE_IMAGE=mcr.microsoft.com/devcontainers/universal:latest --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp --target dev_containers_target_stage -f /tmp/devcontainercli-[REDACTED_USER]/container-features/0.80.1-1758220223276/Dockerfile.extended -t vsc-terraform.infrastructure-63d480d6908cbb2b01b51a6058fcb741db066272a5327a28bb563484dfd6e0bb-features /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/empty-folder
[2025-09-18T18:30:28.115Z] Error: Command failed: /app/tools/podman/bin/podman-remote buildx build --load --build-context dev_containers_feature_content_source=/tmp/devcontainercli-[REDACTED_USER]/container-features/0.80.1-1758220223276 --no-cache --build-arg _DEV_CONTAINERS_BASE_IMAGE=mcr.microsoft.com/devcontainers/universal:latest --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp --target dev_containers_target_stage -f /tmp/devcontainercli-[REDACTED_USER]/container-features/0.80.1-1758220223276/Dockerfile.extended -t vsc-terraform.infrastructure-63d480d6908cbb2b01b51a6058fcb741db066272a5327a28bb563484dfd6e0bb-features /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/empty-folder
[2025-09-18T18:30:28.115Z]     at w6 (/var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:467:1253)
[2025-09-18T18:30:28.115Z]     at ax (/var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:467:997)
[2025-09-18T18:30:28.115Z]     at async Y6 (/var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:484:3842)
[2025-09-18T18:30:28.115Z]     at async BC (/var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:484:4957)
[2025-09-18T18:30:28.115Z]     at async p7 (/var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:665:202)
[2025-09-18T18:30:28.115Z]     at async d7 (/var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:664:14804)
[2025-09-18T18:30:28.115Z]     at async /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js:484:1188
[2025-09-18T18:30:28.119Z] Stop (5019 ms): Run: /app/extra/vscode/code /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --docker-path /app/tools/podman/bin/podman-remote --container-session-data-folder /tmp/devcontainers-876a7ad5-6553-457f-851e-250f2accadfc1758220222419 --workspace-folder /var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure --workspace-mount-consistency cached --gpu-availability detect --id-label devcontainer.local_folder=/var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure --id-label devcontainer.config_file=/var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure/.devcontainer/devcontainer.json --log-level debug --log-format json --config /var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --build-no-cache --remove-existing-container --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root --include-configuration --include-merged-configuration
[2025-09-18T18:30:28.119Z] Exit code 1
[2025-09-18T18:30:28.122Z] Command failed: /app/extra/vscode/code /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/data/vscode/extensions/ms-vscode-remote.remote-containers-0.427.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /var/home/[REDACTED_USER]/.var/app/com.visualstudio.code/config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --docker-path /app/tools/podman/bin/podman-remote --container-session-data-folder /tmp/devcontainers-876a7ad5-6553-457f-851e-250f2accadfc1758220222419 --workspace-folder /var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure --workspace-mount-consistency cached --gpu-availability detect --id-label devcontainer.local_folder=/var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure --id-label devcontainer.config_file=/var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure/.devcontainer/devcontainer.json --log-level debug --log-format json --config /var/mnt/[REDACTED_DOMAIN]/infrastructure.[REDACTED_DOMAIN]/terraform.infrastructure/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --build-no-cache --remove-existing-container --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root --include-configuration --include-merged-configuration
[2025-09-18T18:30:28.122Z] Exit code 1

Full logs devcontainer.log

devcontainer.json

{
  "name": "terraform",
  // "image": "ghcr.io/devcontainers/templates/ubuntu:latest",
  "image": "mcr.microsoft.com/devcontainers/universal:latest",
  "features": {
    "ghcr.io/devcontainers/features/terraform:1": {}
  },
  "customizations": {
    "vscode": {
      "extensions": [
        "esbenp.prettier-vscode",
        "HashiCorp.terraform",
        "HashiCorp.hcl"
      ]
    }
  }
}

Environment, versions, etc.

• Editor/Extensions: VS Code 1.102.1 · Dev Containers 0.427.0 · @devcontainers/cli 0.80.1
• Host runtime: Linux kernel 6.16.7-200.fc42.x86_64 (x64) · Node.js 22.15.1
• Container runtime/build: Podman Engine 5.6.1 (client & server, linux/amd64, API 5.6.1) · Buildah 1.41.4
• Base image: mcr.microsoft.com/devcontainers/universal:latest
• Devcontainer features: ghcr.io/devcontainers/features/terraform:1 (fetched terraform_0_oci 1.4.2); common-utils listed as soft-dependency (removed)
• Security: getenforce → Disabled (SELinux disabled)

[Yokutto]

Also, I think this is maybe related to: #1480 ?

[Kaniska244]

Updated in devcontainers/images#1556 (comment)

[Yokutto]

Hi,

I'm closing this since its pretty much a duplication of devcontainers/images#1556

Also, there's some workaround fixes for that in referenced comment (here)