mirror of
https://github.com/containers/bootc.git
synced 2026-02-05 15:45:53 +01:00
Synchronized from bootc-dev/infra@e15b9622fc. Signed-off-by: bootc-dev Bot <bot@bootc.dev>
{
"name": "bootc-devenv-debian",
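// TODO: switch this back to the prod image.
// NOTE(review): the reference below has no tag or digest, so it resolves to
// `latest`; pinning a tag or digest makes the dev environment reproducible.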
"image": "ghcr.io/bootc-dev/devenv-debian",
"customizations": {
"vscode": {
// Arbitrary, but most of our code is in one of these two languages
"extensions": [
"rust-lang.rust-analyzer",
"golang.Go"
]
}
},
"features": {},
"runArgs": [
// Minimal security options for nested podman (avoids --privileged):
// - label=disable: Required for mounting /proc in a nested user namespace
//   (this turns off SELinux label separation for this container)
// - unmask=/proc/*: Allows access to /proc paths needed for nested containers
//   (removes the runtime's default masking of those /proc paths)
"--security-opt", "label=disable",
"--security-opt", "unmask=/proc/*",
// Device access for nested containers and VMs (host device nodes passed through to the container)
"--device", "/dev/net/tun",
"--device", "/dev/kvm"
],
"postCreateCommand": {
// Our init script (run via sudo after the container is created)
"devenv-init": "sudo /usr/local/bin/devenv-init.sh"
},
"remoteEnv": {
"PATH": "${containerEnv:PATH}:/usr/local/cargo/bin"
}
}