.devcontainer: add commands to adjust permissions under Codespaces

This commit does 2 things: - Remove "default permission" from ACL table of /tmp. This is to prevent "error: suspicious ownership or permission on '<...>' for output 'out'; rejecting this build output" error. See: https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525 - Set permission of /dev/kvm so that it can be used by NixOS tests. Note that this is tested on GitHub Codespaces only; I'm not sure how VSCode's local devcontainer handling will react. Although I've added a guard code in case /dev/kvm does not exist in that environment.
author: Ratchanan Srirattanamet <peathot@hotmail.com> 2025-03-03 11:31:54 +0000
committer: Ratchanan Srirattanamet <peathot@hotmail.com> 2025-03-03 11:31:54 +0000
commit: 736e9ff05c95a630f7f950565a85ea3b656d6916 (patch)
tree: 4867f3abcc236a4aee9d13aa249f7b7023d0a1e8 /.devcontainer
parent: 20ec0eab411e51c9bba75c97ca68f3533150f4be (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 02b2f9f0273d..bc54d8698499 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -9,6 +9,10 @@
       "extraNixConfig": "experimental-features = nix-command flakes,sandbox = true"
     }
   },
+  // Fixup permissions inside container.
+  // https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525
+  "postCreateCommand": "sudo apt-get install -y acl",
+  "postStartCommand": "sudo setfacl -k /tmp; if [ -e /dev/kvm ]; then sudo chgrp $(id -g) /dev/kvm; fi",
   "customizations": {
     "vscode": {
       "extensions": [
author	Ratchanan Srirattanamet <peathot@hotmail.com>	2025-03-03 11:31:54 +0000
committer	Ratchanan Srirattanamet <peathot@hotmail.com>	2025-03-03 11:31:54 +0000
commit	736e9ff05c95a630f7f950565a85ea3b656d6916 (patch)
tree	4867f3abcc236a4aee9d13aa249f7b7023d0a1e8 /.devcontainer
parent	20ec0eab411e51c9bba75c97ca68f3533150f4be (diff)