From e4d093447c3994f7a62016af53dde0d463e61661 Mon Sep 17 00:00:00 2001 From: Chuck Lantz Date: Mon, 29 Jul 2019 16:13:29 -0700 Subject: [PATCH 1/2] Add setup for using a non-root user --- .../docker-compose/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/docker-compose.yml | 3 ++ .../dockerfile/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 5 +++- .../image/.devcontainer/devcontainer.json | 5 +++- .../azure-ansible/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../azure-blockchain/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ containers/azure-cli/.devcontainer/Dockerfile | 13 +++++++++ .../azure-cli/.devcontainer/devcontainer.json | 10 +++++-- .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 16 ++++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 16 ++++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 29 ++++++++++--------- .../azure-terraform/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ containers/bazel/.devcontainer/Dockerfile | 13 +++++++++ .../bazel/.devcontainer/devcontainer.json | 10 +++++-- containers/cpp/.devcontainer/Dockerfile | 13 +++++++++ .../cpp/.devcontainer/devcontainer.json | 9 ++++-- containers/dart/.devcontainer/Dockerfile | 13 +++++++++ .../dart/.devcontainer/devcontainer.json | 3 ++ .../debian-9-git/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 9 ++++-- .../.devcontainer/docker-compose.yml | 3 ++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../docker-in-docker/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../dotnetcore-2.1/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ containers/elm/.devcontainer/Dockerfile | 12 ++++++++ .../elm/.devcontainer/devcontainer.json | 3 ++ containers/go/.devcontainer/Dockerfile | 8 +++++ containers/go/.devcontainer/devcontainer.json | 9 ++++-- .../java-11/.devcontainer/devcontainer.json | 3 ++ .../java-12/.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/devcontainer.json | 3 ++ containers/java-8/.devcontainer/Dockerfile | 21 +++++++++++--- .../java-8/.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 17 +++++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 16 ++++++++++ .../.devcontainer/docker-compose.yml | 3 ++ .../.devcontainer/Dockerfile | 16 ++++++++++ .../.devcontainer/docker-compose.yml | 3 ++ .../.devcontainer/Dockerfile | 16 ++++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../kubernetes-helm/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 3 ++ containers/markdown/.devcontainer/Dockerfile | 13 +++++++++ .../markdown/.devcontainer/devcontainer.json | 3 ++ .../perl/.devcontainer/devcontainer.json | 9 ++++-- .../php-7/.devcontainer/devcontainer.json | 3 ++ .../plantuml/.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/devcontainer.json | 3 ++ .../puppet/.devcontainer/devcontainer.json | 11 ++++--- .../python-2/.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/docker-compose.yml | 3 ++ .../python-3/.devcontainer/devcontainer.json | 3 ++ containers/r/.devcontainer/devcontainer.json | 14 ++++++--- .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/devcontainer.json | 3 ++ .../ruby-2/.devcontainer/devcontainer.json | 3 ++ .../rust/.devcontainer/devcontainer.json | 7 +++-- .../swift-4/.devcontainer/devcontainer.json | 7 +++-- .../.devcontainer/Dockerfile | 16 ++++++++++ .../.devcontainer/devcontainer.json | 3 ++ .../.devcontainer/Dockerfile | 9 ++++++ .../.devcontainer/devcontainer.json | 3 ++ .../ubuntu-18.04-git/.devcontainer/Dockerfile | 13 +++++++++ .../.devcontainer/devcontainer.json | 11 +++++-- 90 files changed, 696 insertions(+), 47 deletions(-) diff --git a/container-templates/docker-compose/.devcontainer/Dockerfile b/container-templates/docker-compose/.devcontainer/Dockerfile index 7fbf50430d..b4b8d19353 100644 --- a/container-templates/docker-compose/.devcontainer/Dockerfile +++ b/container-templates/docker-compose/.devcontainer/Dockerfile @@ -14,6 +14,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -25,6 +30,14 @@ RUN apt-get update \ # * Add steps for installing needed dependencies here * # ***************************************************** # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/container-templates/docker-compose/.devcontainer/docker-compose.yml b/container-templates/docker-compose/.devcontainer/docker-compose.yml index ffa32ba644..00fe7b19c0 100644 --- a/container-templates/docker-compose/.devcontainer/docker-compose.yml +++ b/container-templates/docker-compose/.devcontainer/docker-compose.yml @@ -6,6 +6,9 @@ version: '3' services: your-service-name-here: + # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + # user: 1000 + # Using a Dockerfile is optional, but included for completeness. build: context: . diff --git a/container-templates/dockerfile/.devcontainer/Dockerfile b/container-templates/dockerfile/.devcontainer/Dockerfile index b225952f4c..b25d7dd363 100644 --- a/container-templates/dockerfile/.devcontainer/Dockerfile +++ b/container-templates/dockerfile/.devcontainer/Dockerfile @@ -9,6 +9,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -20,6 +25,14 @@ RUN apt-get update \ # * Add steps for installing needed dependencies here * # ***************************************************** # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/container-templates/dockerfile/.devcontainer/devcontainer.json b/container-templates/dockerfile/.devcontainer/devcontainer.json index 7b9bc44c0e..00acacff9d 100644 --- a/container-templates/dockerfile/.devcontainer/devcontainer.json +++ b/container-templates/dockerfile/.devcontainer/devcontainer.json @@ -11,7 +11,10 @@ // "-v","/var/run/docker.sock:/var/run/docker.sock", // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust - // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" + // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" ], // Uncomment the next line if you want to publish any ports. diff --git a/container-templates/image/.devcontainer/devcontainer.json b/container-templates/image/.devcontainer/devcontainer.json index 3e7875f105..9176949edd 100644 --- a/container-templates/image/.devcontainer/devcontainer.json +++ b/container-templates/image/.devcontainer/devcontainer.json @@ -8,7 +8,10 @@ // The optional 'runArgs' property can be used to specify additional runtime arguments. "runArgs": [ // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust. - // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" + // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" ], // Uncomment the next line if you want to publish any ports. diff --git a/containers/azure-ansible/.devcontainer/Dockerfile b/containers/azure-ansible/.devcontainer/Dockerfile index fc0ed1becc..c3f0c56eb5 100644 --- a/containers/azure-ansible/.devcontainer/Dockerfile +++ b/containers/azure-ansible/.devcontainer/Dockerfile @@ -9,6 +9,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -50,6 +55,14 @@ RUN apt-get update \ && apt-get install -y libssl-dev libffi-dev python-dev python-pip \ && pip install ansible[azure] \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-ansible/.devcontainer/devcontainer.json b/containers/azure-ansible/.devcontainer/devcontainer.json index ddeb852c82..b954c05513 100644 --- a/containers/azure-ansible/.devcontainer/devcontainer.json +++ b/containers/azure-ansible/.devcontainer/devcontainer.json @@ -5,6 +5,9 @@ // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + "-v", "/var/run/docker.sock:/var/run/docker.sock" ], diff --git a/containers/azure-blockchain/.devcontainer/Dockerfile b/containers/azure-blockchain/.devcontainer/Dockerfile index 25491b8403..6ca73d3669 100644 --- a/containers/azure-blockchain/.devcontainer/Dockerfile +++ b/containers/azure-blockchain/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM python:2.7 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -32,6 +37,14 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y azure-cli \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-blockchain/.devcontainer/devcontainer.json b/containers/azure-blockchain/.devcontainer/devcontainer.json index a2bfcd3a82..fc0f176d50 100644 --- a/containers/azure-blockchain/.devcontainer/devcontainer.json +++ b/containers/azure-blockchain/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "az --version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.azurecli", "azblockchain.azure-blockchain" diff --git a/containers/azure-cli/.devcontainer/Dockerfile b/containers/azure-cli/.devcontainer/Dockerfile index 1263fe3085..12583e34db 100644 --- a/containers/azure-cli/.devcontainer/Dockerfile +++ b/containers/azure-cli/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -22,6 +27,14 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y azure-cli \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-cli/.devcontainer/devcontainer.json b/containers/azure-cli/.devcontainer/devcontainer.json index 2c55e321f9..4d17eb94d5 100644 --- a/containers/azure-cli/.devcontainer/devcontainer.json +++ b/containers/azure-cli/.devcontainer/devcontainer.json @@ -2,8 +2,14 @@ "name": "Azure CLI", "dockerFile": "Dockerfile", - // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. - // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], + // The optional 'runArgs' property can be used to specify additional runtime arguments. + "runArgs": [ + // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust. + // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" + ], // Uncomment the next line if you want to publish any ports. // "appPort": [], diff --git a/containers/azure-functions-dotnetcore-2.1/.devcontainer/Dockerfile b/containers/azure-functions-dotnetcore-2.1/.devcontainer/Dockerfile index 646167fa08..8809f9fd96 100644 --- a/containers/azure-functions-dotnetcore-2.1/.devcontainer/Dockerfile +++ b/containers/azure-functions-dotnetcore-2.1/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:2.1 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -28,6 +33,14 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y azure-cli azure-functions-core-tools \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json b/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json index 259730d3f4..3785927c35 100644 --- a/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json +++ b/containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "dotnet restore", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-azuretools.vscode-azurefunctions", "ms-vscode.csharp" diff --git a/containers/azure-functions-dotnetcore-latest/.devcontainer/Dockerfile b/containers/azure-functions-dotnetcore-latest/.devcontainer/Dockerfile index f1d190558c..5b21d58e48 100644 --- a/containers/azure-functions-dotnetcore-latest/.devcontainer/Dockerfile +++ b/containers/azure-functions-dotnetcore-latest/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:latest # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -28,6 +33,14 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y azure-cli azure-functions-core-tools \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-functions-dotnetcore-latest/.devcontainer/devcontainer.json b/containers/azure-functions-dotnetcore-latest/.devcontainer/devcontainer.json index 61a4d66fcb..fb302f834c 100644 --- a/containers/azure-functions-dotnetcore-latest/.devcontainer/devcontainer.json +++ b/containers/azure-functions-dotnetcore-latest/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "dotnet restore", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-azuretools.vscode-azurefunctions", "ms-vscode.csharp" diff --git a/containers/azure-functions-java-8/.devcontainer/Dockerfile b/containers/azure-functions-java-8/.devcontainer/Dockerfile index 8b158e9b3d..a276123b7d 100644 --- a/containers/azure-functions-java-8/.devcontainer/Dockerfile +++ b/containers/azure-functions-java-8/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM maven:3-jdk-8 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -31,6 +36,14 @@ RUN apt-get update \ # Allow for a consistant java home location for settings - image is changing over time && if [ ! -d "/docker-java-home" ]; then ln -s "${JAVA_HOME}" /docker-java-home; fi \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-functions-java-8/.devcontainer/devcontainer.json b/containers/azure-functions-java-8/.devcontainer/devcontainer.json index 509db82ea5..373f04dc03 100644 --- a/containers/azure-functions-java-8/.devcontainer/devcontainer.json +++ b/containers/azure-functions-java-8/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-azuretools.vscode-azurefunctions", "vscjava.vscode-java-pack" diff --git a/containers/azure-functions-node-8/.devcontainer/Dockerfile b/containers/azure-functions-node-8/.devcontainer/Dockerfile index 6bb0a035c2..ae9f847a44 100644 --- a/containers/azure-functions-node-8/.devcontainer/Dockerfile +++ b/containers/azure-functions-node-8/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:8 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -31,6 +38,15 @@ RUN apt-get update \ # Install eslint && npm install -g eslint \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-functions-node-8/.devcontainer/devcontainer.json b/containers/azure-functions-node-8/.devcontainer/devcontainer.json index f89a0c6e9a..7cb7683a8d 100644 --- a/containers/azure-functions-node-8/.devcontainer/devcontainer.json +++ b/containers/azure-functions-node-8/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "npm install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-azuretools.vscode-azurefunctions", "dbaeumer.vscode-eslint" diff --git a/containers/azure-functions-node-lts/.devcontainer/Dockerfile b/containers/azure-functions-node-lts/.devcontainer/Dockerfile index 7720e18997..027a70354f 100644 --- a/containers/azure-functions-node-lts/.devcontainer/Dockerfile +++ b/containers/azure-functions-node-lts/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:lts # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -28,6 +35,15 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y azure-cli dotnet-sdk-2.1 azure-functions-core-tools \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Install eslint && npm install -g eslint \ # diff --git a/containers/azure-functions-node-lts/.devcontainer/devcontainer.json b/containers/azure-functions-node-lts/.devcontainer/devcontainer.json index de10df27b6..c5ada076dc 100644 --- a/containers/azure-functions-node-lts/.devcontainer/devcontainer.json +++ b/containers/azure-functions-node-lts/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "npm install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-azuretools.vscode-azurefunctions", "dbaeumer.vscode-eslint" diff --git a/containers/azure-functions-python-3/.devcontainer/Dockerfile b/containers/azure-functions-python-3/.devcontainer/Dockerfile index 48b78d3429..848868f7b0 100644 --- a/containers/azure-functions-python-3/.devcontainer/Dockerfile +++ b/containers/azure-functions-python-3/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM python:3.6-stretch # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -39,6 +44,14 @@ RUN apt-get update \ && curl -sSL "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ && chmod +x /usr/local/bin/docker-compose \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-functions-python-3/.devcontainer/devcontainer.json b/containers/azure-functions-python-3/.devcontainer/devcontainer.json index fe21a85a82..9bfad6b335 100644 --- a/containers/azure-functions-python-3/.devcontainer/devcontainer.json +++ b/containers/azure-functions-python-3/.devcontainer/devcontainer.json @@ -4,6 +4,9 @@ "dockerFile": "Dockerfile", "appPort": [ 7071 ], "runArgs": [ + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + "-v","/var/run/docker.sock:/var/run/docker.sock" ], diff --git a/containers/azure-machine-learning-python-3/.devcontainer/Dockerfile b/containers/azure-machine-learning-python-3/.devcontainer/Dockerfile index 0ad8b279b0..f2e51f746d 100644 --- a/containers/azure-machine-learning-python-3/.devcontainer/Dockerfile +++ b/containers/azure-machine-learning-python-3/.devcontainer/Dockerfile @@ -10,6 +10,11 @@ FROM continuumio/anaconda3 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -32,6 +37,14 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y docker-ce-cli \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Install pylint and Azure ML SDK && pip install pylint azureml-sdk[notebooks,automl] 2>&1 \ # diff --git a/containers/azure-machine-learning-python-3/.devcontainer/devcontainer.json b/containers/azure-machine-learning-python-3/.devcontainer/devcontainer.json index 76c737817f..4f2e3da2c4 100644 --- a/containers/azure-machine-learning-python-3/.devcontainer/devcontainer.json +++ b/containers/azure-machine-learning-python-3/.devcontainer/devcontainer.json @@ -1,7 +1,10 @@ { - "name": "Azure Machine Learning", - "dockerFile": "Dockerfile", + "name": "Azure Machine Learning", + "dockerFile": "Dockerfile", "runArgs": [ + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + "-v", "/var/run/docker.sock:/var/run/docker.sock" ], @@ -12,15 +15,15 @@ // "postCreateCommand": "pip install -r requirements.txt", "extensions": [ - "ms-toolsai.vscode-ai", - "ms-azuretools.vscode-docker" - ], - "settings": { - "remote.extensionKind": { - "ms-azuretools.vscode-docker": "workspace" - }, - "python.pythonPath": "/opt/conda/bin/python", - "python.linting.pylintEnabled": true, - "python.linting.enabled": true - } + "ms-toolsai.vscode-ai", + "ms-azuretools.vscode-docker" + ], + "settings": { + "remote.extensionKind": { + "ms-azuretools.vscode-docker": "workspace" + }, + "python.pythonPath": "/opt/conda/bin/python", + "python.linting.pylintEnabled": true, + "python.linting.enabled": true + } } \ No newline at end of file diff --git a/containers/azure-terraform/.devcontainer/Dockerfile b/containers/azure-terraform/.devcontainer/Dockerfile index 964e86a1a5..120c2df30a 100644 --- a/containers/azure-terraform/.devcontainer/Dockerfile +++ b/containers/azure-terraform/.devcontainer/Dockerfile @@ -13,6 +13,11 @@ ENV DEBIAN_FRONTEND=noninteractive ARG TERRAFORM_VERSION=0.11.13 ARG TFLINT_VERSION=0.7.5 +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -62,6 +67,14 @@ RUN apt-get update \ && rm -rf /tmp/docker-downloads \ && apt-get install -y graphviz \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/azure-terraform/.devcontainer/devcontainer.json b/containers/azure-terraform/.devcontainer/devcontainer.json index 6603986eda..4e66b46233 100644 --- a/containers/azure-terraform/.devcontainer/devcontainer.json +++ b/containers/azure-terraform/.devcontainer/devcontainer.json @@ -5,6 +5,9 @@ // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + "-v", "/var/run/docker.sock:/var/run/docker.sock" ], diff --git a/containers/bazel/.devcontainer/Dockerfile b/containers/bazel/.devcontainer/Dockerfile index 41b163f1eb..3f1716b2ad 100644 --- a/containers/bazel/.devcontainer/Dockerfile +++ b/containers/bazel/.devcontainer/Dockerfile @@ -11,6 +11,11 @@ ENV DEBIAN_FRONTEND=noninteractive ENV BAZEL_VERSION=0.25.2 ENV BAZEL_SHA256=5b9ab8a68c53421256909f79c47bde76a051910217531cbf35ee995448254fa7 +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -30,6 +35,14 @@ RUN apt-get update \ '\ >> $HOME/.bashrc \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/bazel/.devcontainer/devcontainer.json b/containers/bazel/.devcontainer/devcontainer.json index 8945618164..5cdfed6304 100644 --- a/containers/bazel/.devcontainer/devcontainer.json +++ b/containers/bazel/.devcontainer/devcontainer.json @@ -2,8 +2,14 @@ "name": "Bazel", "dockerFile": "Dockerfile", - // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. - // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ] + // The optional 'runArgs' property can be used to specify additional runtime arguments. + "runArgs": [ + // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust. + // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" + ], // Uncomment the next line if you want to publish any ports. // "appPort": [], diff --git a/containers/cpp/.devcontainer/Dockerfile b/containers/cpp/.devcontainer/Dockerfile index a1808a983f..0f6472044f 100644 --- a/containers/cpp/.devcontainer/Dockerfile +++ b/containers/cpp/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -18,6 +23,14 @@ RUN apt-get update \ # Install C++ tools && apt-get -y install build-essential cmake cppcheck valgrind \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/cpp/.devcontainer/devcontainer.json b/containers/cpp/.devcontainer/devcontainer.json index 9dc807852a..2a7f333aee 100644 --- a/containers/cpp/.devcontainer/devcontainer.json +++ b/containers/cpp/.devcontainer/devcontainer.json @@ -2,8 +2,10 @@ "name": "C++", "dockerFile": "Dockerfile", "runArgs": [ - "--cap-add=SYS_PTRACE", - "--security-opt", "seccomp=unconfined" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + + "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], // Uncomment the next line if you want to publish any ports. @@ -15,6 +17,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "gcc -v", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.cpptools" ] diff --git a/containers/dart/.devcontainer/Dockerfile b/containers/dart/.devcontainer/Dockerfile index 8d127f7c60..c941f5cf0d 100644 --- a/containers/dart/.devcontainer/Dockerfile +++ b/containers/dart/.devcontainer/Dockerfile @@ -11,6 +11,11 @@ ENV DEBIAN_FRONTEND=noninteractive # Add bin location to path ENV PATH="$PATH":"/root/.pub-cache/bin" +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -18,6 +23,14 @@ RUN apt-get update \ # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed && apt-get -y install git procps lsb-release \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/dart/.devcontainer/devcontainer.json b/containers/dart/.devcontainer/devcontainer.json index 6c9bf141ae..15bc977921 100644 --- a/containers/dart/.devcontainer/devcontainer.json +++ b/containers/dart/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "uname -a", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "dart-code.dart-code" ] diff --git a/containers/debian-9-git/.devcontainer/Dockerfile b/containers/debian-9-git/.devcontainer/Dockerfile index 4fbf9d312c..0970f7e3c8 100644 --- a/containers/debian-9-git/.devcontainer/Dockerfile +++ b/containers/debian-9-git/.devcontainer/Dockerfile @@ -7,6 +7,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -14,6 +19,14 @@ RUN apt-get update \ # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed && apt-get -y install git procps lsb-release \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/debian-9-git/.devcontainer/devcontainer.json b/containers/debian-9-git/.devcontainer/devcontainer.json index 3ab3e4cdb5..fa07227214 100644 --- a/containers/debian-9-git/.devcontainer/devcontainer.json +++ b/containers/debian-9-git/.devcontainer/devcontainer.json @@ -1,9 +1,14 @@ { "name": "Debian 9 & Git", "dockerFile": "Dockerfile", + // The optional 'runArgs' property can be used to specify additional runtime arguments. + "runArgs": [ + // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust. + // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", - // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. - // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" + ], // Uncomment the next line if you want to publish any ports. // "appPort": [], diff --git a/containers/docker-existing-docker-compose/.devcontainer/docker-compose.yml b/containers/docker-existing-docker-compose/.devcontainer/docker-compose.yml index 5d83caf646..6b3574c520 100644 --- a/containers/docker-existing-docker-compose/.devcontainer/docker-compose.yml +++ b/containers/docker-existing-docker-compose/.devcontainer/docker-compose.yml @@ -7,6 +7,9 @@ version: '3' services: # Update this to the name of the service you want to work with in your docker-compose.yml file your-service-name-here: + # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + # user: 1000 + # Uncomment if you want to add a different Dockerfile in the .devcontainer folder # build: # context: . diff --git a/containers/docker-existing-dockerfile/.devcontainer/devcontainer.json b/containers/docker-existing-dockerfile/.devcontainer/devcontainer.json index 6cfa366059..3a40fd57e2 100644 --- a/containers/docker-existing-dockerfile/.devcontainer/devcontainer.json +++ b/containers/docker-existing-dockerfile/.devcontainer/devcontainer.json @@ -15,6 +15,9 @@ // Uncomment the next line if you will be using a ptrace-based debugger like C++, Go, and Rust. // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" ], // Uncomment the next line if you want to publish any ports. diff --git a/containers/docker-in-docker-compose/.devcontainer/Dockerfile b/containers/docker-in-docker-compose/.devcontainer/Dockerfile index db7cb563d4..ef07a2cdba 100644 --- a/containers/docker-in-docker-compose/.devcontainer/Dockerfile +++ b/containers/docker-in-docker-compose/.devcontainer/Dockerfile @@ -12,6 +12,11 @@ ENV DEBIAN_FRONTEND=noninteractive # Docker Compose version ARG COMPOSE_VERSION=1.24.0 +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -30,6 +35,14 @@ RUN apt-get update \ && curl -sSL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ && chmod +x /usr/local/bin/docker-compose \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/docker-in-docker/.devcontainer/Dockerfile b/containers/docker-in-docker/.devcontainer/Dockerfile index 4dcd2fb3bc..449cad71f8 100644 --- a/containers/docker-in-docker/.devcontainer/Dockerfile +++ b/containers/docker-in-docker/.devcontainer/Dockerfile @@ -13,6 +13,11 @@ ENV DEBIAN_FRONTEND=noninteractive # Docker Compose version ARG COMPOSE_VERSION=1.24.0 +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -31,6 +36,14 @@ RUN apt-get update \ && curl -sSL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ && chmod +x /usr/local/bin/docker-compose \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/dotnetcore-2.1-fsharp/.devcontainer/Dockerfile b/containers/dotnetcore-2.1-fsharp/.devcontainer/Dockerfile index 2ed9eec12f..d7b1d75ac6 100644 --- a/containers/dotnetcore-2.1-fsharp/.devcontainer/Dockerfile +++ b/containers/dotnetcore-2.1-fsharp/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:2.1 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -18,6 +23,14 @@ RUN apt-get update \ # Install F# && apt-get install -y fsharp \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/dotnetcore-2.1-fsharp/.devcontainer/devcontainer.json b/containers/dotnetcore-2.1-fsharp/.devcontainer/devcontainer.json index 5add94a759..6e93375c76 100644 --- a/containers/dotnetcore-2.1-fsharp/.devcontainer/devcontainer.json +++ b/containers/dotnetcore-2.1-fsharp/.devcontainer/devcontainer.json @@ -8,6 +8,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "dotnet restore", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "Ionide.Ionide-fsharp", "ms-vscode.csharp" diff --git a/containers/dotnetcore-2.1/.devcontainer/Dockerfile b/containers/dotnetcore-2.1/.devcontainer/Dockerfile index c90dc4d8f7..d070fe87ba 100644 --- a/containers/dotnetcore-2.1/.devcontainer/Dockerfile +++ b/containers/dotnetcore-2.1/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:2.1 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -15,6 +20,14 @@ RUN apt-get update \ # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed && apt-get -y install git procps lsb-release \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/dotnetcore-2.1/.devcontainer/devcontainer.json b/containers/dotnetcore-2.1/.devcontainer/devcontainer.json index bc5f03edd9..80bdab377c 100644 --- a/containers/dotnetcore-2.1/.devcontainer/devcontainer.json +++ b/containers/dotnetcore-2.1/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "dotnet restore" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.csharp" ] diff --git a/containers/dotnetcore-latest-fsharp/.devcontainer/Dockerfile b/containers/dotnetcore-latest-fsharp/.devcontainer/Dockerfile index 1884ae6294..97015f29e4 100644 --- a/containers/dotnetcore-latest-fsharp/.devcontainer/Dockerfile +++ b/containers/dotnetcore-latest-fsharp/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:latest # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -18,6 +23,14 @@ RUN apt-get update \ # Install F# && apt-get install -y fsharp \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/dotnetcore-latest-fsharp/.devcontainer/devcontainer.json b/containers/dotnetcore-latest-fsharp/.devcontainer/devcontainer.json index 44d7680397..340f5e2977 100644 --- a/containers/dotnetcore-latest-fsharp/.devcontainer/devcontainer.json +++ b/containers/dotnetcore-latest-fsharp/.devcontainer/devcontainer.json @@ -8,6 +8,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "dotnet restore", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "Ionide.Ionide-fsharp", "ms-vscode.csharp" diff --git a/containers/dotnetcore-latest/.devcontainer/Dockerfile b/containers/dotnetcore-latest/.devcontainer/Dockerfile index 5ea7285681..b7a0a308c9 100644 --- a/containers/dotnetcore-latest/.devcontainer/Dockerfile +++ b/containers/dotnetcore-latest/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:latest # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -15,6 +20,14 @@ RUN apt-get update \ # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed && apt-get -y install git procps lsb-release \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/dotnetcore-latest/.devcontainer/devcontainer.json b/containers/dotnetcore-latest/.devcontainer/devcontainer.json index e7a9f46f6b..766ef5a921 100644 --- a/containers/dotnetcore-latest/.devcontainer/devcontainer.json +++ b/containers/dotnetcore-latest/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "dotnet restore", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.csharp" ] diff --git a/containers/elm/.devcontainer/Dockerfile b/containers/elm/.devcontainer/Dockerfile index 655901a789..cb427e5b20 100644 --- a/containers/elm/.devcontainer/Dockerfile +++ b/containers/elm/.devcontainer/Dockerfile @@ -11,6 +11,10 @@ ENV DEBIAN_FRONTEND=noninteractive # Configuring Elm version ARG ELM_VERSION=0.19.0 +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID # Configure apt and install packages RUN apt-get update \ @@ -23,6 +27,14 @@ RUN apt-get update \ # Install elm globally && wget -O - https://github.com/elm/compiler/releases/download/${ELM_VERSION}/binary-for-linux-64-bit.gz | gunzip -c > /usr/local/bin/elm && chmod +x /usr/local/bin/elm \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/elm/.devcontainer/devcontainer.json b/containers/elm/.devcontainer/devcontainer.json index 03e781e425..1062dd3a9c 100644 --- a/containers/elm/.devcontainer/devcontainer.json +++ b/containers/elm/.devcontainer/devcontainer.json @@ -12,6 +12,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "elm make", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "sbrink.elm" ] diff --git a/containers/go/.devcontainer/Dockerfile b/containers/go/.devcontainer/Dockerfile index eb527f1fbf..d59add8dda 100644 --- a/containers/go/.devcontainer/Dockerfile +++ b/containers/go/.devcontainer/Dockerfile @@ -46,6 +46,14 @@ RUN apt-get update \ github.com/mgechev/revive \ github.com/derekparker/delve/cmd/dlv 2>&1 \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/go/.devcontainer/devcontainer.json b/containers/go/.devcontainer/devcontainer.json index f7f4a6f75f..d6f378f987 100644 --- a/containers/go/.devcontainer/devcontainer.json +++ b/containers/go/.devcontainer/devcontainer.json @@ -2,8 +2,10 @@ "name": "Go", "dockerFile": "Dockerfile", "runArgs": [ - "--cap-add=SYS_PTRACE", - "--security-opt", "seccomp=unconfined" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + + "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], // Uncomment the next line if you want to publish any ports. @@ -12,6 +14,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "go version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.go" ], diff --git a/containers/java-11/.devcontainer/devcontainer.json b/containers/java-11/.devcontainer/devcontainer.json index be775b6b10..eac19f3e38 100644 --- a/containers/java-11/.devcontainer/devcontainer.json +++ b/containers/java-11/.devcontainer/devcontainer.json @@ -8,6 +8,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "vscjava.vscode-java-pack" ], diff --git a/containers/java-12/.devcontainer/devcontainer.json b/containers/java-12/.devcontainer/devcontainer.json index dad13a38c3..7fd9b223ad 100644 --- a/containers/java-12/.devcontainer/devcontainer.json +++ b/containers/java-12/.devcontainer/devcontainer.json @@ -8,6 +8,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "vscjava.vscode-java-pack" ], diff --git a/containers/java-8-tomcat-8.5/.devcontainer/devcontainer.json b/containers/java-8-tomcat-8.5/.devcontainer/devcontainer.json index 3dd6f10e23..38c7de1b9a 100644 --- a/containers/java-8-tomcat-8.5/.devcontainer/devcontainer.json +++ b/containers/java-8-tomcat-8.5/.devcontainer/devcontainer.json @@ -8,6 +8,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "vscjava.vscode-java-pack", "adashen.vscode-tomcat" diff --git a/containers/java-8/.devcontainer/Dockerfile b/containers/java-8/.devcontainer/Dockerfile index b5e082ef8d..5f942a94c7 100644 --- a/containers/java-8/.devcontainer/Dockerfile +++ b/containers/java-8/.devcontainer/Dockerfile @@ -5,13 +5,26 @@ FROM openjdk:8-jdk +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update \ - && apt-get -y install --no-install-recommends apt-utils 2>&1 - -# Verify git, needed tools installed -RUN apt-get -y install git procps curl lsb-release + && apt-get -y install --no-install-recommends apt-utils 2>&1 \ + # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # + # Verify git, needed tools installed + && apt-get -y install git procps curl lsb-release #-------------------Uncomment the following steps to install Maven CLI Tools---------------------------------- # ARG MAVEN_VERSION=3.6.1 diff --git a/containers/java-8/.devcontainer/devcontainer.json b/containers/java-8/.devcontainer/devcontainer.json index 76a0194ead..8f7d95cd1d 100644 --- a/containers/java-8/.devcontainer/devcontainer.json +++ b/containers/java-8/.devcontainer/devcontainer.json @@ -8,6 +8,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "vscjava.vscode-java-pack" ], diff --git a/containers/javascript-node-8/.devcontainer/Dockerfile b/containers/javascript-node-8/.devcontainer/Dockerfile index 879f5511a5..2884efce61 100644 --- a/containers/javascript-node-8/.devcontainer/Dockerfile +++ b/containers/javascript-node-8/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:8 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -29,6 +36,16 @@ RUN apt-get update \ # Install eslint globally && npm install -g eslint \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && echo "$USER_UID" \ + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/javascript-node-8/.devcontainer/devcontainer.json b/containers/javascript-node-8/.devcontainer/devcontainer.json index c91ec052e7..f59c088773 100644 --- a/containers/javascript-node-8/.devcontainer/devcontainer.json +++ b/containers/javascript-node-8/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "yarn install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "dbaeumer.vscode-eslint" ] diff --git a/containers/javascript-node-lts-mongo/.devcontainer/Dockerfile b/containers/javascript-node-lts-mongo/.devcontainer/Dockerfile index fd1edbd56e..4593fe98dc 100644 --- a/containers/javascript-node-lts-mongo/.devcontainer/Dockerfile +++ b/containers/javascript-node-lts-mongo/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:lts # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -29,6 +36,15 @@ RUN apt-get update \ # Install eslint globally && npm install -g eslint \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/javascript-node-lts-mongo/.devcontainer/docker-compose.yml b/containers/javascript-node-lts-mongo/.devcontainer/docker-compose.yml index 51cb42d7b7..cc3dfe1ba5 100644 --- a/containers/javascript-node-lts-mongo/.devcontainer/docker-compose.yml +++ b/containers/javascript-node-lts-mongo/.devcontainer/docker-compose.yml @@ -6,6 +6,9 @@ version: '3' services: web: + # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + # user: 1000 + build: context: . dockerfile: Dockerfile diff --git a/containers/javascript-node-lts-postgres/.devcontainer/Dockerfile b/containers/javascript-node-lts-postgres/.devcontainer/Dockerfile index 2bbf64fc94..04504d0a79 100644 --- a/containers/javascript-node-lts-postgres/.devcontainer/Dockerfile +++ b/containers/javascript-node-lts-postgres/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:lts # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -29,6 +36,15 @@ RUN apt-get update \ # Install eslint globally && npm install -g eslint \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/javascript-node-lts-postgres/.devcontainer/docker-compose.yml b/containers/javascript-node-lts-postgres/.devcontainer/docker-compose.yml index 552915bb6e..2937be1c04 100644 --- a/containers/javascript-node-lts-postgres/.devcontainer/docker-compose.yml +++ b/containers/javascript-node-lts-postgres/.devcontainer/docker-compose.yml @@ -6,6 +6,9 @@ version: '3' services: web: + # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + # user: 1000 + build: context: . dockerfile: Dockerfile diff --git a/containers/javascript-node-lts/.devcontainer/Dockerfile b/containers/javascript-node-lts/.devcontainer/Dockerfile index fd1edbd56e..4593fe98dc 100644 --- a/containers/javascript-node-lts/.devcontainer/Dockerfile +++ b/containers/javascript-node-lts/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:lts # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -29,6 +36,15 @@ RUN apt-get update \ # Install eslint globally && npm install -g eslint \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/javascript-node-lts/.devcontainer/devcontainer.json b/containers/javascript-node-lts/.devcontainer/devcontainer.json index 24e77248cd..ff2a6b3dd2 100644 --- a/containers/javascript-node-lts/.devcontainer/devcontainer.json +++ b/containers/javascript-node-lts/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "yarn install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "dbaeumer.vscode-eslint" ] diff --git a/containers/kubernetes-helm/.devcontainer/Dockerfile b/containers/kubernetes-helm/.devcontainer/Dockerfile index 7be9d39fcb..00e03b17ab 100644 --- a/containers/kubernetes-helm/.devcontainer/Dockerfile +++ b/containers/kubernetes-helm/.devcontainer/Dockerfile @@ -9,6 +9,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -50,6 +55,14 @@ RUN apt-get update \ fi' \ >> $HOME/.bashrc \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/kubernetes-helm/.devcontainer/devcontainer.json b/containers/kubernetes-helm/.devcontainer/devcontainer.json index 5d2b4b3be9..e43d26de60 100644 --- a/containers/kubernetes-helm/.devcontainer/devcontainer.json +++ b/containers/kubernetes-helm/.devcontainer/devcontainer.json @@ -5,6 +5,9 @@ // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + "--mount", "type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock", "--mount", "type=bind,source=${env:HOME}${env:USERPROFILE}/.kube,target=/root/.kube-localhost", diff --git a/containers/markdown/.devcontainer/Dockerfile b/containers/markdown/.devcontainer/Dockerfile index 5af0383e6f..9955aaf7b7 100644 --- a/containers/markdown/.devcontainer/Dockerfile +++ b/containers/markdown/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM debian:9 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ # @@ -17,6 +22,14 @@ RUN apt-get update \ # Verify git and needed tools are installed && apt-get install -y git procps lsb-release \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/markdown/.devcontainer/devcontainer.json b/containers/markdown/.devcontainer/devcontainer.json index cb97aeda2d..468ff652a7 100644 --- a/containers/markdown/.devcontainer/devcontainer.json +++ b/containers/markdown/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "uname -a" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "yzhang.markdown-all-in-one", "streetsidesoftware.code-spell-checker", diff --git a/containers/perl/.devcontainer/devcontainer.json b/containers/perl/.devcontainer/devcontainer.json index f938eedca3..254da5fa33 100644 --- a/containers/perl/.devcontainer/devcontainer.json +++ b/containers/perl/.devcontainer/devcontainer.json @@ -2,8 +2,10 @@ "name": "Perl", "dockerFile": "Dockerfile", "runArgs": [ - "--cap-add=SYS_PTRACE", - "--security-opt", "seccomp=unconfined" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + + "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], // Uncomment the next line if you want to publish any ports. @@ -15,6 +17,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "perl -v", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "mortenhenriksen.perl-debug", "d9705996.perl-toolbox" diff --git a/containers/php-7/.devcontainer/devcontainer.json b/containers/php-7/.devcontainer/devcontainer.json index 9c7cb5ac53..0a91ae8b04 100644 --- a/containers/php-7/.devcontainer/devcontainer.json +++ b/containers/php-7/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "php -v", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "felixfbecker.php-debug", "felixfbecker.php-intellisense" diff --git a/containers/plantuml/.devcontainer/devcontainer.json b/containers/plantuml/.devcontainer/devcontainer.json index bd4f08d338..caf22179c0 100644 --- a/containers/plantuml/.devcontainer/devcontainer.json +++ b/containers/plantuml/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "jebbs.plantuml" ] diff --git a/containers/powershell/.devcontainer/devcontainer.json b/containers/powershell/.devcontainer/devcontainer.json index f2fd532edc..e08e20e547 100644 --- a/containers/powershell/.devcontainer/devcontainer.json +++ b/containers/powershell/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. This gets run in bash which is why we call `pwsh`. // "postCreateCommand": "pwsh -c '$PSVersionTable'", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.powershell" ] diff --git a/containers/puppet/.devcontainer/devcontainer.json b/containers/puppet/.devcontainer/devcontainer.json index bda24e4074..cf2af04a0b 100644 --- a/containers/puppet/.devcontainer/devcontainer.json +++ b/containers/puppet/.devcontainer/devcontainer.json @@ -11,8 +11,11 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "pdk --version", - "extensions": [ - "jpogran.puppet-vscode", - "rebornix.Ruby" - ] + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + + "extensions": [ + "jpogran.puppet-vscode", + "rebornix.Ruby" + ] } diff --git a/containers/python-2/.devcontainer/devcontainer.json b/containers/python-2/.devcontainer/devcontainer.json index cf4a63e84b..4637b7d0a6 100644 --- a/containers/python-2/.devcontainer/devcontainer.json +++ b/containers/python-2/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "java -version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-python.python" ], diff --git a/containers/python-3-anaconda/.devcontainer/devcontainer.json b/containers/python-3-anaconda/.devcontainer/devcontainer.json index 06e70c4fec..ae20437a69 100644 --- a/containers/python-3-anaconda/.devcontainer/devcontainer.json +++ b/containers/python-3-anaconda/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "python --version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-python.python" ], diff --git a/containers/python-3-miniconda/.devcontainer/devcontainer.json b/containers/python-3-miniconda/.devcontainer/devcontainer.json index 1cdba66fd1..3012f699f2 100644 --- a/containers/python-3-miniconda/.devcontainer/devcontainer.json +++ b/containers/python-3-miniconda/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "python --version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-python.python" ], diff --git a/containers/python-3-postgres/.devcontainer/docker-compose.yml b/containers/python-3-postgres/.devcontainer/docker-compose.yml index 5276c3a52a..00aab4b469 100644 --- a/containers/python-3-postgres/.devcontainer/docker-compose.yml +++ b/containers/python-3-postgres/.devcontainer/docker-compose.yml @@ -2,6 +2,9 @@ version: '3' services: app: + # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + # user: 1000 + build: context: .. dockerfile: .devcontainer/Dockerfile diff --git a/containers/python-3/.devcontainer/devcontainer.json b/containers/python-3/.devcontainer/devcontainer.json index 527ae81f81..473993657a 100644 --- a/containers/python-3/.devcontainer/devcontainer.json +++ b/containers/python-3/.devcontainer/devcontainer.json @@ -9,6 +9,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "python --version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-python.python" ], diff --git a/containers/r/.devcontainer/devcontainer.json b/containers/r/.devcontainer/devcontainer.json index cadf4b77e9..2511352379 100644 --- a/containers/r/.devcontainer/devcontainer.json +++ b/containers/r/.devcontainer/devcontainer.json @@ -2,8 +2,10 @@ "name": "R", "dockerFile": "Dockerfile", "runArgs": [ - "--cap-add=SYS_PTRACE", - "--security-opt", "seccomp=unconfined" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + + "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], // Uncomment the next line if you want to publish any ports. @@ -11,8 +13,12 @@ // Uncomment the next line if you want to add in default container specific settings.json values // "settings": { "workbench.colorTheme": "Quiet Light" }, - - "postCreateCommand": "R --version", + + // Uncomment the next line to run commands after the container is created. + // "postCreateCommand": "R --version", + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], "extensions": [ "ikuyadeu.r", diff --git a/containers/ruby-2-rails-5/.devcontainer/devcontainer.json b/containers/ruby-2-rails-5/.devcontainer/devcontainer.json index 60e217ae8f..2917c53882 100644 --- a/containers/ruby-2-rails-5/.devcontainer/devcontainer.json +++ b/containers/ruby-2-rails-5/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "cd ${input:projectName} && bundle install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "rebornix.Ruby" ] diff --git a/containers/ruby-2-sinatra/.devcontainer/devcontainer.json b/containers/ruby-2-sinatra/.devcontainer/devcontainer.json index f693b77ebc..d6dfa77e8d 100644 --- a/containers/ruby-2-sinatra/.devcontainer/devcontainer.json +++ b/containers/ruby-2-sinatra/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "rebornix.Ruby" ] diff --git a/containers/ruby-2/.devcontainer/devcontainer.json b/containers/ruby-2/.devcontainer/devcontainer.json index 9ef34351b0..6c6964bc8f 100644 --- a/containers/ruby-2/.devcontainer/devcontainer.json +++ b/containers/ruby-2/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "ruby --version", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "rebornix.Ruby" ] diff --git a/containers/rust/.devcontainer/devcontainer.json b/containers/rust/.devcontainer/devcontainer.json index fd17882fc5..d78ddb62b3 100644 --- a/containers/rust/.devcontainer/devcontainer.json +++ b/containers/rust/.devcontainer/devcontainer.json @@ -2,10 +2,13 @@ "name": "Rust", "dockerFile": "Dockerfile", "runArgs": [ - "--cap-add=SYS_PTRACE", - "--security-opt", "seccomp=unconfined" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + + "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], + // Uncomment the next line if you want to publish any ports. // "appPort": [], diff --git a/containers/swift-4/.devcontainer/devcontainer.json b/containers/swift-4/.devcontainer/devcontainer.json index 87b59a18d8..fbddb791c5 100644 --- a/containers/swift-4/.devcontainer/devcontainer.json +++ b/containers/swift-4/.devcontainer/devcontainer.json @@ -2,9 +2,10 @@ "name": "Swift 4", "dockerFile": "Dockerfile", "runArgs": [ - "--cap-add=SYS_PTRACE", - "--security-opt", - "seccomp=unconfined" + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000", + + "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], // Uncomment the next line if you want to publish any ports. diff --git a/containers/typescript-node-8/.devcontainer/Dockerfile b/containers/typescript-node-8/.devcontainer/Dockerfile index 00e5091ca7..89a4a2d67c 100644 --- a/containers/typescript-node-8/.devcontainer/Dockerfile +++ b/containers/typescript-node-8/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:8 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -29,6 +36,15 @@ RUN apt-get update \ # Install tslint and typescript globally && npm install -g tslint typescript \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/typescript-node-8/.devcontainer/devcontainer.json b/containers/typescript-node-8/.devcontainer/devcontainer.json index e06bbcda70..409e0de28f 100644 --- a/containers/typescript-node-8/.devcontainer/devcontainer.json +++ b/containers/typescript-node-8/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "yarn install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.vscode-typescript-tslint-plugin" ] diff --git a/containers/typescript-node-lts/.devcontainer/Dockerfile b/containers/typescript-node-lts/.devcontainer/Dockerfile index a055edad3a..4cedc575d7 100644 --- a/containers/typescript-node-lts/.devcontainer/Dockerfile +++ b/containers/typescript-node-lts/.devcontainer/Dockerfile @@ -29,6 +29,15 @@ RUN apt-get update \ # Install tslint and typescript globally && npm install -g tslint typescript \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \ + && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \ + # [Optional] Uncomment the next four lines to add sudo support + # && apt-get install -y sudo \ + # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \ + # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/typescript-node-lts/.devcontainer/devcontainer.json b/containers/typescript-node-lts/.devcontainer/devcontainer.json index e6e1dd704e..65bc562f78 100644 --- a/containers/typescript-node-lts/.devcontainer/devcontainer.json +++ b/containers/typescript-node-lts/.devcontainer/devcontainer.json @@ -11,6 +11,9 @@ // Uncomment the next line to run commands after the container is created. // "postCreateCommand": "yarn install", + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "runArgs": [ "-u", "1000" ], + "extensions": [ "ms-vscode.vscode-typescript-tslint-plugin" ] diff --git a/containers/ubuntu-18.04-git/.devcontainer/Dockerfile b/containers/ubuntu-18.04-git/.devcontainer/Dockerfile index b84152c0bf..de44df0d81 100644 --- a/containers/ubuntu-18.04-git/.devcontainer/Dockerfile +++ b/containers/ubuntu-18.04-git/.devcontainer/Dockerfile @@ -7,6 +7,11 @@ FROM ubuntu:bionic # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils 2>&1 \ @@ -14,6 +19,14 @@ RUN apt-get update \ # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed && apt-get -y install git procps lsb-release \ # + # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Uncomment the next three lines to add sudo support + # && apt-get install -y sudo \ + # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + # && chmod 0440 /etc/sudoers.d/$USERNAME \ + # # Clean up && apt-get autoremove -y \ && apt-get clean -y \ diff --git a/containers/ubuntu-18.04-git/.devcontainer/devcontainer.json b/containers/ubuntu-18.04-git/.devcontainer/devcontainer.json index 27a6ce2bb0..3bf4318083 100644 --- a/containers/ubuntu-18.04-git/.devcontainer/devcontainer.json +++ b/containers/ubuntu-18.04-git/.devcontainer/devcontainer.json @@ -1,9 +1,14 @@ { "name": "Ubuntu 18.04 & Git", "dockerFile": "Dockerfile", - - // Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust. - // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], + // The optional 'runArgs' property can be used to specify additional runtime arguments. + "runArgs": [ + // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust. + // "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", + + // Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + // "-u", "1000" + ], // Uncomment the next line if you want to publish any ports. // "appPort": [], From 7a9e3ce363c190567265538d690ba42262431738 Mon Sep 17 00:00:00 2001 From: Chuck Lantz Date: Tue, 30 Jul 2019 08:44:00 -0700 Subject: [PATCH 2/2] Bug fixes --- .../.devcontainer/docker-compose.yml | 3 +++ containers/go/.devcontainer/Dockerfile | 7 ++++++- containers/typescript-node-lts/.devcontainer/Dockerfile | 7 +++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/containers/docker-in-docker-compose/.devcontainer/docker-compose.yml b/containers/docker-in-docker-compose/.devcontainer/docker-compose.yml index 4e2f12a06f..400be59e9b 100644 --- a/containers/docker-in-docker-compose/.devcontainer/docker-compose.yml +++ b/containers/docker-in-docker-compose/.devcontainer/docker-compose.yml @@ -6,6 +6,9 @@ version: '3' services: docker-in-docker: + # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user. + # user: 1000 + build: context: . dockerfile: Dockerfile diff --git a/containers/go/.devcontainer/Dockerfile b/containers/go/.devcontainer/Dockerfile index 8975f3c85d..e6383fac31 100644 --- a/containers/go/.devcontainer/Dockerfile +++ b/containers/go/.devcontainer/Dockerfile @@ -8,6 +8,11 @@ FROM golang:1 # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + # Configure apt, install packages and tools RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \ @@ -49,7 +54,7 @@ RUN apt-get update \ # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. && groupadd --gid $USER_GID $USERNAME \ && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ - # [Optional] Uncomment the next three lines to add sudo support + # [Optional] Add sudo support # && apt-get install -y sudo \ # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ # && chmod 0440 /etc/sudoers.d/$USERNAME \ diff --git a/containers/typescript-node-lts/.devcontainer/Dockerfile b/containers/typescript-node-lts/.devcontainer/Dockerfile index fa725ea4da..47204be7cd 100644 --- a/containers/typescript-node-lts/.devcontainer/Dockerfile +++ b/containers/typescript-node-lts/.devcontainer/Dockerfile @@ -8,6 +8,13 @@ FROM node:lts # Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive +# The node image comes with a base non-root 'node' user, so the alternate +# user here is primarily for Linux scenarios where you need to match your local +# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user. +ARG USERNAME=vscode +ARG USER_UID=1001 +ARG USER_GID=$USER_UID + # Configure apt and install packages RUN apt-get update \ && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \