Skip to content

Update Dev Spaces image to support sudo #734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
cgruver wants to merge 2 commits into from
Closed

Update Dev Spaces image to support sudo #734

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
346d09c
Update Dev Spaces image to support sudo
cgruver Apr 20, 2026
9761b67
Update to account for comments in code review. Note: is necessary t…
cgruver Apr 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions devfile.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ components:
env:
- name: "ANSIBLE_COLLECTIONS_PATH"
value: "~/.ansible/collections:/usr/share/ansible/collections:/projects/ansible-devspaces-demo/collections"
- name: "ADT_CONTAINER_ENGINE"
value: "podman"
commands:
- id: molecule-create
exec:
Expand Down
3 changes: 2 additions & 1 deletion devspaces/Containerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ RUN --mount=type=bind,target=. --mount=type=cache,dst=/var/cache/dnf --mount=typ

ENV BUILDAH_ISOLATION=chroot

USER 10001
# Reflect the UID that the SCC will force the workspace to run as.
USER 1000
Comment on lines +19 to +20
Copy link

Copilot AI Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description says changing USER has “no runtime effect”, but it does change the default runtime user for anyone running the image outside an SCC-enforced environment (e.g., local podman/docker runs, CI, or other Kubernetes setups). If the intent is strictly documentation, consider leaving the image USER unchanged and documenting the expected UID elsewhere, or update the PR description to reflect the behavior change.

Copilot uses AI. Check for mistakes.

ENTRYPOINT ["/entrypoint.sh"]
CMD ["tail", "-f", "/dev/null"]
10 changes: 10 additions & 0 deletions devspaces/context/setup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,16 @@ setcap cap_setuid+ep /usr/bin/newuidmap
setcap cap_setgid+ep /usr/bin/newgidmap
touch /etc/subgid /etc/subuid
chown 0:0 /etc/subgid /etc/subuid
# Remove the base image entries for user
if id user >/dev/null 2>&1
then
userdel user
# Add the user with the UID that the SCC will enforce
useradd -u 1000 -G wheel,root -d /home/user --shell /bin/bash -m user
usermod -L user
chmod 400 /etc/shadow
chown -R user /home/user
fi

if [[ "${ENABLE_NOPASSWD_SUDO:-false}" == "true" ]]; then
echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel-nopasswd
Expand Down
Loading