Improving Podman users experience: docker-in-docker #10706

l0rd · 2025-02-14T17:21:17Z

Hi 👋, I am Mario, and I am a Podman maintainer.

Kudos to the team for the Dev Containers extension 🚀. It's a great project, and we look forward to collaborating to improve Podman users' UX.

For this reason, I would like to suggest a solution to run commands that require docker-in-docker, such as “Dev Containers: Try a Dev Container Sample” and “Dev Containers: Clone Repository in Container Volume…” with Podman.

Podman can currently do docker-in-docker, but requires an extra flag (--security-opt label=disable) compared to Docker:

# Fail
podman run -t --rm -v /var/run/docker.sock:/var/run/docker.sock docker:latest docker ps
# Work
podman run --security-opt label=disable -t --rm -v /var/run/docker.sock:/var/run/docker.sock docker:latest docker ps

Docker doesn’t mind because --security-opt label=disable is the default:

# Work
docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock docker docker:latest ps
# Work
docker run --security-opt label=disable -t --rm -v /var/run/docker.sock:/var/run/docker.sock docker:latest docker ps

To address the docker-in-docker problem for Podman, without affecting Docker, you could specify --security-opt label=disable every time you mount the /var/run/docker.sock in a container. Is it something that you can change?

VSCode Version: 1.96.4
Local OS Version: macOS 15.3
Remote OS Version: Fedora 41
Remote Extension/Connection Type: Dev Containers
Logs:

[2025-02-14T17:03:59.108Z] Start: Run in container: docker volume ls -q
[2025-02-14T17:03:59.214Z] Stop (106 ms): Run in container: docker volume ls -q
[2025-02-14T17:03:59.215Z] Start: Run: /Users/mloriedo/Git/podman/bin/darwin/podman rm -f c7f217518982d6099a73972e0ba2b8647f739f8577cecace95f8dcf716765839
[2025-02-14T17:03:59.218Z] Command failed: docker volume ls -q
[2025-02-14T17:03:59.218Z] permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/volumes": dial unix /var/run/docker.sock: connect: permission denied
[2025-02-14T17:03:59.218Z] Exit code 1
[2025-02-14T17:04:09.150Z] Start: Run: /Users/mloriedo/Git/podman/bin/darwin/podman volume ls -q
[2025-02-14T17:04:09.254Z] Stop (104 ms): Run: /Users/mloriedo/Git/podman/bin/darwin/podman volume ls -q

Steps to Reproduce:

Configure Dev Containers extension to use podman as described in doc
Open the command palette and select Dev Containers: Try a Dev Container Sample and select one of the samples

Does this issue occur when you try this locally?: No
Does this issue occur when you try this locally and all extensions are disabled?: No

The text was updated successfully, but these errors were encountered:

chrmarti · 2025-02-19T07:29:49Z

Hi Mario, thanks for investigating, this makes sense!

vs-code-engineering bot assigned chrmarti Feb 14, 2025

vs-code-engineering bot added the containers Issue in vscode-remote containers label Feb 14, 2025

chrmarti added the debt label Feb 19, 2025

chrmarti added this to the March 2025 milestone Feb 19, 2025

chrmarti added the podman Dev Container using Podman label Feb 19, 2025

chrmarti added a commit to devcontainers/features that referenced this issue Feb 19, 2025

Fix access to socket for Podman (microsoft/vscode-remote-release#10706)

3208810

chrmarti mentioned this issue Feb 19, 2025

Fix access to socket for Podman devcontainers/features#1278

Open

chrmarti modified the milestones: March 2025, February 2025 Feb 19, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improving Podman users experience: docker-in-docker #10706

Improving Podman users experience: docker-in-docker #10706

l0rd commented Feb 14, 2025 •

edited

Loading

chrmarti commented Feb 19, 2025

Improving Podman users experience: docker-in-docker #10706

Improving Podman users experience: docker-in-docker #10706

Comments

l0rd commented Feb 14, 2025 • edited Loading

chrmarti commented Feb 19, 2025

l0rd commented Feb 14, 2025 •

edited

Loading