Getting permissions denied error when starting vscode devcontainer on MacOS

[craigers521]

Describe the bug
Attempting to use devcontainers in vscode with Finch, the image seems to pull down but doesnt start due to a permissions issue

Steps to reproduce
Create a new devcontainer and open project in container

Expected behavior
The devcontainer starts

Screenshots or logs

[56437 ms] 
[56437 ms] Start: Run in container: ls '/home/vscode/.gnupg/private-keys-v1.d' 2>/dev/null
[56447 ms] 
[56447 ms] 
[56447 ms] Exit code 2
[56448 ms] Start: Run: gpgconf --list-dirs
[56452 ms] spawn gpgconf ENOENT
[56452 ms] gpg-agent: No agent-extra-socket found on local host.
[56452 ms] Start: Run in container: /bin/sh
[56454 ms] userEnvProbe: loginInteractiveShell (default)
[56455 ms] Start: Run in container: test -f '/tmp/devcontainers-32c9e38c-e7a6-461b-8555-668360d40f311739314532859/env-loginInteractiveShell.json'
[56455 ms] Start: Run in container: echo ~
[56458 ms] 
[56458 ms] 
[56458 ms] Exit code 1
[56458 ms] Start: Run in container: # Test for /home/vscode/.ssh/known_hosts and ssh
[56458 ms] userEnvProbe: not found in cache
[56459 ms] userEnvProbe shell: /bin/bash
[56460 ms] 
[56461 ms] 
[56461 ms] Start: Run in container: # Copy /Users/craegan/.ssh/known_hosts to /home/vscode/.ssh/known_hosts
[56463 ms] 
[56463 ms] 
[56463 ms] Start: Run in container: command -v git >/dev/null 2>&1 && git config --system --replace-all credential.helper '!f() { /home/vscode/.vscode-server/bin/33fc5a94a3f99ebe7087e8fe79fbe1d37a251016/node /tmp/vscode-remote-containers-fcc380f4-cf6d-4671-8bf6-703e42c6292b.js git-credential-helper $*; }; f' || true
[56465 ms] 
[56465 ms] 
[56466 ms] Start: Run in container: for pid in `cd /proc && ls -d [0-9]*`; do { echo $pid ; readlink /proc/$pid/cwd || echo ; readlink /proc/$pid/ns/mnt || echo ; cat /proc/$pid/stat | tr "
[56501 ms] Start: Run in container: cat '/home/vscode/.vscode-server/bin/33fc5a94a3f99ebe7087e8fe79fbe1d37a251016/product.json'
[56507 ms] Command in container failed: cat '/home/vscode/.vscode-server/bin/33fc5a94a3f99ebe7087e8fe79fbe1d37a251016/product.json'
[56507 ms] cat: /home/vscode/.vscode-server/bin/33fc5a94a3f99ebe7087e8fe79fbe1d37a251016/product.json: Permission denied
[56507 ms] Exit code 1
[56740 ms] /home/vscode
[56740 ms] 
[56740 ms] Start: Run in container: cat <<'EOF-/tmp/vscode-remote-containers-fcc380f4-cf6d-4671-8bf6-703e42c6292b.js' >/tmp/vscode-remote-containers-fcc380f4-cf6d-4671-8bf6-703e42c6292b.js
[56742 ms] 
[56742 ms] 
[56742 ms] Start: Run in container: cat <<'EOF-/tmp/vscode-remote-containers-server-fcc380f4-cf6d-4671-8bf6-703e42c6292b.js' >/tmp/vscode-remote-containers-server-fcc380f4-cf6d-4671-8bf6-703e42c6292b.js_1739314590297
[56745 ms] 
[56745 ms] 
[56747 ms] Container server: /bin/sh: 32: /home/vscode/.vscode-server/bin/33fc5a94a3f99ebe7087e8fe79fbe1d37a251016/node: Permission denied
[56750 ms] Container server: time="2025-02-11T16:56:30-06:00" level=fatal msg="exec failed with exit code 126"
[56758 ms] Error reading shell environment.
[56758 ms] Error: stream ended with:0 but wanted:9
        at l (/Users/craegan/.vscode/extensions/ms-vscode-remote.remote-containers-0.397.0/dist/extension/extension.js:27:22149)
        at /Users/craegan/.vscode/extensions/ms-vscode-remote.remote-containers-0.397.0/dist/extension/extension.js:27:22330
        at s (/Users/craegan/.vscode/extensions/ms-vscode-remote.remote-containers-0.397.0/dist/extension/extension.js:30:5371)
        at Socket.<anonymous> (/Users/craegan/.vscode/extensions/ms-vscode-remote.remote-containers-0.397.0/dist/extension/extension.js:30:5541)
        at Socket.emit (node:events:530:35)
        at endReadableNT (node:internal/streams/readable:1698:12)
        at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
[56758 ms] Start: Run in container: mkdir -p '/tmp/devcontainers-32c9e38c-e7a6-461b-8555-668360d40f311739314532859' && cat > '/tmp/devcontainers-32c9e38c-e7a6-461b-8555-668360d40f311739314532859/env-loginInteractiveShell.json' << 'envJSON'
[56758 ms] Container server terminated (code: 1, signal: null).
[56758 ms] Container server terminated early. Not reconnecting.
[56761 ms] 
[56761 ms] 

finch-support-20250211170403.zip

Additional context
Add any other context about the problem here.

To help debug the issue as quickly as possible, we recommend generating a support bundle with finch support-bundle generate and attaching it to this issue. This packages all Finch-related configs and logs into one file.

[Shubhranshu153]

May be we can use the remoteUser option in devcontainer.json to start container in the specified user of the container image.

[Shubhranshu153]

The PR to fix this issue has been out for review in upstream.
For now setting up the remoteUser option is an work around available. Once the pr is merged we can close the issue

https://github.com/containerd/nerdctl/actions/runs/13862521817/job/38794189803?pr=4007