From 7bc9a222bd71778a93b05f5ed0b0e6730c0706cf Mon Sep 17 00:00:00 2001 From: Lutz Reinhardt Date: Mon, 6 Oct 2025 15:12:21 +0000 Subject: [PATCH 1/2] Document state of linux-sandbox in the container linux-sandbox does not work by default and is by some expected to work. --- README.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a984f10..b541e69 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,8 @@ Modifying the content of the container is explained in the [Development](#develo ## Usage -> **NOTE:** There are several development environments which support development containers; most notably [Visual Studio Code](https://code.visualstudio.com), but also [IntelliJ IDEA](https://www.jetbrains.com/idea) and others. +> [!NOTE] +> There are several development environments which support development containers; most notably [Visual Studio Code](https://code.visualstudio.com), but also [IntelliJ IDEA](https://www.jetbrains.com/idea) and others. > See [here](https://containers.dev/supporting) for a more complete list. > In the following, we assume that [Visual Studio Code](https://code.visualstudio.com) and its Dev Containers extension is used. The [Dev Containers extension homepage](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) has a description how to get up to speed on Windows, macOS and Linux operating systems. @@ -43,6 +44,23 @@ Afterwards, Visual Studio Code should show this in the lower left corner of your ![Dev container success](resources/devcontainer_success.png) +### Bazel's `linux-sandbox` + +`linux-sandbox` makes use of [Linux user namespaces](https://man7.org/linux/man-pages/man7/user_namespaces.7.html). +These only work for `linux-sandbox` as expected, if the following snipped is added to the `.devcontainer/devcontainer.json`: + +```json + "runArgs": [ + "--privileged" + ] +``` + +In this case using `--privileged` is [recommended by Bazel](https://bazel.build/docs/sandboxing#sandboxing-strategies), +probably due to lack of alternatives. + +> [!NOTE] +> If `linux-sandbox` is not needed, do not add this snippet. + ### Inside the Container Open a Terminal, and - for example - type `bazel build ...` to execute the default build of the repository. @@ -58,7 +76,8 @@ Congratulations, you are now a dev container enthusiast 😊. ## Development -> **NOTE:** This is about the development *of the DevContainer*, not about development of Eclipse S-CORE *using* the DevContainer. +> [!NOTE] +> This is about the development *of the DevContainer*, not about development of Eclipse S-CORE *using* the DevContainer. The [Eclipse S-CORE](https://github.com/eclipse-score) development container is developed using - a development container! That means, the usage is similarly simple: From f29b113599ad92e6e8ae1c9f969e905e86184a29 Mon Sep 17 00:00:00 2001 From: Lutz Reinhardt Date: Tue, 7 Oct 2025 10:11:35 +0000 Subject: [PATCH 2/2] fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b541e69..3de6c4a 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ Afterwards, Visual Studio Code should show this in the lower left corner of your ### Bazel's `linux-sandbox` `linux-sandbox` makes use of [Linux user namespaces](https://man7.org/linux/man-pages/man7/user_namespaces.7.html). -These only work for `linux-sandbox` as expected, if the following snipped is added to the `.devcontainer/devcontainer.json`: +These only work for `linux-sandbox` as expected, if the following snippet is added to the `.devcontainer/devcontainer.json`: ```json "runArgs": [