Successfully enabled devcontainer support using sandboxing #388

Description

@francoism90

This is a different approach than the one seen in #342.

I have created a general Flatpak Podman SDK: https://github.com/francoism90/org.freedesktop.Sdk.Extension.podman, which provides podman, podman-remote (the one you need) and podman-compose (untested).

To make it work:

  1. Install the SDK extension (or build it yourself) as seen in my repo

  2. Create wrappers (this would require a PR or zed allowing to overrule paths):

```bash
# Create a permanent config-level bin directory
mkdir -p ~/.var/app/dev.zed.Zed/config/bin

# Copy your podman-remote interceptors into this folder
cat << 'EOF' > ~/.var/app/dev.zed.Zed/config/bin/podman
#!/bin/bash
exec podman-remote "$@"
EOF

cat << 'EOF' > ~/.var/app/dev.zed.Zed/config/bin/docker
#!/bin/bash
exec podman-remote "$@"
EOF

# Make both scripts executable
chmod +x ~/.var/app/dev.zed.Zed/config/bin/podman
chmod +x ~/.var/app/dev.zed.Zed/config/bin/docker
```

  3. Append it as Flatpak PATH (again, zed should allow path overrule):

```bash
flatpak override --user dev.zed.Zed --env=PATH="/var/config/bin:$(flatpak run --command=sh dev.zed.Zed -c 'echo $PATH')"
```

  4. Disable escape sandboxing and enable the SDK:

```bash
# Disable the sandbox escape feature
flatpak override --user dev.zed.Zed --env=ZED_FLATPAK_NO_ESCAPE=1

# Enable the Podman SDK extension inside the sandbox
flatpak override --user dev.zed.Zed --env=FLATPAK_ENABLE_SDK_EXT=podman
```

  5. Add xdg-run/podman:ro as file access (Other files):

```bash
flatpak override --user dev.zed.Zed --filesystem=xdg-run/podman:ro
```
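
A check for the steps above, added here as an example and not part of the original post: it reads a Flatpak override keyfile and reports which of the settings are missing. The function names and the sample file are constructed for illustration, and the location of `--user` overrides (`~/.local/share/flatpak/overrides/dev.zed.Zed`) is an assumption about a default installation.

```bash
# Added example: audit a Flatpak override keyfile for the settings from the steps above.
# Assumption: --user overrides are stored in ~/.local/share/flatpak/overrides/<app-id>.

# Print the value of KEY ($3) in section [$2] of keyfile $1 (empty if absent).
keyfile_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^\[/ { in_sec = ($0 == sec); next }
    in_sec { i = index($0, "="); if (i && substr($0, 1, i-1) == key) { print substr($0, i+1); exit } }
  ' "$1"
}

# Constructed sample of an override file after all steps have been applied.
sample_overrides() {
  cat <<'EOF'
[Context]
filesystems=xdg-run/podman:ro;

[Environment]
PATH=/var/config/bin:/app/bin:/usr/bin
ZED_FLATPAK_NO_ESCAPE=1
FLATPAK_ENABLE_SDK_EXT=podman
EOF
}

# Print one line per finding; return 0 only if every setting is present.
audit_overrides() {
  local file=$1 rc=0 path fs
  [ "$(keyfile_get "$file" Environment ZED_FLATPAK_NO_ESCAPE)" = 1 ] \
    || { echo "MISSING ZED_FLATPAK_NO_ESCAPE=1"; rc=1; }
  [ "$(keyfile_get "$file" Environment FLATPAK_ENABLE_SDK_EXT)" = podman ] \
    || { echo "MISSING FLATPAK_ENABLE_SDK_EXT=podman"; rc=1; }
  path=$(keyfile_get "$file" Environment PATH)
  case ":$path:" in
    :/var/config/bin:*) ;;   # wrapper directory must come first to shadow other binaries
    *) echo "MISSING /var/config/bin at front of PATH"; rc=1 ;;
  esac
  fs=$(keyfile_get "$file" Context filesystems)
  case ";$fs;" in
    *";xdg-run/podman:ro;"*) ;;
    *";xdg-run/podman;"*) echo "WARN xdg-run/podman is not read-only"; rc=1 ;;
    *) echo "MISSING filesystem xdg-run/podman:ro"; rc=1 ;;
  esac
  return $rc
}
```

Run it as `audit_overrides ~/.local/share/flatpak/overrides/dev.zed.Zed`. The `:ro` suffix stops the app from writing files under `xdg-run/podman`, but the app can still connect to the Podman socket there (that is how `podman-remote` works in this setup), so the sandboxed editor can drive the host's Podman service.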