From f1472ffcac48508fb24f78c45766900a6d73116e Mon Sep 17 00:00:00 2001 From: Nicolas Giard Date: Fri, 13 May 2022 15:13:50 -0400 Subject: [PATCH] chore: run devcontainer as user vscode instead of root (#3948) --- .devcontainer/devcontainer.json | 4 ++-- docker/app.Dockerfile | 12 +++++++----- docker/scripts/app-init.sh | 9 +++++---- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 2dfb7bd7b..176eb4b9a 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -96,11 +96,11 @@ "label": "MariaDB", "onAutoForward": "silent" } - } + }, // Use 'postCreateCommand' to run commands after the container is created. // "postCreateCommand": "sh /docker-init.sh", // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. - // "remoteUser": "django" + "remoteUser": "vscode" } diff --git a/docker/app.Dockerfile b/docker/app.Dockerfile index 722df05bc..637fbafd3 100644 --- a/docker/app.Dockerfile +++ b/docker/app.Dockerfile @@ -114,11 +114,6 @@ ENV LC_ALL en_US.UTF-8 ADD https://raw.githubusercontent.com/ietf-tools/idnits-mirror/main/idnits /usr/local/bin/ RUN chmod +rx /usr/local/bin/idnits -# Install current datatracker python dependencies -COPY requirements.txt /tmp/pip-tmp/ -RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt \ - && rm -rf /tmp/pip-tmp - # Turn off rsyslog kernel logging (doesn't work in Docker) RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf @@ -137,4 +132,11 @@ RUN sed -i 's/\r$//' /docker-init.sh && \ RUN mkdir -p /workspace WORKDIR /workspace +USER vscode:vscode + +# Install current datatracker python dependencies +COPY requirements.txt /tmp/pip-tmp/ +RUN pip3 --disable-pip-version-check --no-cache-dir install --user -r /tmp/pip-tmp/requirements.txt +RUN sudo rm -rf /tmp/pip-tmp + # ENTRYPOINT [ "/docker-init.sh" ] 
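Review bot: `RUN sudo rm -rf /tmp/pip-tmp` at the end of the last app.Dockerfile hunk deletes the directory in a later layer than the `COPY` that created it, so requirements.txt still sits in the image. It also only works if the image grants `vscode` passwordless sudo, which is not visible in this hunk. If that is the case, `USER vscode:vscode` changes the default identity and file ownership but is not a privilege boundary, which deserves a comment such as `# vscode has passwordless sudo (dev image only); not a security boundary`. If the build uses BuildKit, a bind mount avoids the copy, the cleanup and the sudo call: `RUN --mount=type=bind,source=requirements.txt,target=/tmp/requirements.txt pip3 --disable-pip-version-check --no-cache-dir install --user -r /tmp/requirements.txt`.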
diff --git a/docker/scripts/app-init.sh b/docker/scripts/app-init.sh index 6a29bbb6d..0aad0b39b 100755 --- a/docker/scripts/app-init.sh +++ b/docker/scripts/app-init.sh @@ -2,11 +2,11 @@ WORKSPACEDIR="/workspace" -service rsyslog start +sudo service rsyslog start # fix permissions for npm-related paths WORKSPACE_UID_GID=$(stat --format="%u:%g" "$WORKSPACEDIR") -chown -R "$WORKSPACE_UID_GID" "$WORKSPACEDIR/.parcel-cache" +sudo chown -R "$WORKSPACE_UID_GID" "$WORKSPACEDIR/.parcel-cache" # Build node packages that requrie native compilation echo "Compiling native node packages..." @@ -71,7 +71,8 @@ fi # Run memcached -/usr/bin/memcached -u root -d +echo "Starting memcached..." +/usr/bin/memcached -u vscode -d # Initial checks @@ -99,6 +100,6 @@ if [ -z "$EDITOR_VSCODE" ]; then bash -c "$*" CODE=$? fi - service rsyslog stop + sudo service rsyslog stop exit $CODE fi
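Review bot: The three added `sudo` calls assume `vscode` can run sudo without a password: `sudo service rsyslog start` and `sudo chown -R …` in the first hunk, and `sudo service rsyslog stop` in the last one. If that ever stops being true, the init script will either block on a password prompt or carry on after a failed call, since no error handling is visible in these hunks. Passing `-n` makes each call fail immediately instead of prompting, e.g. `sudo -n service rsyslog start`. A short comment at the top of the script stating that it expects passwordless sudo for the container user would make the dependency explicit.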
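Review bot: `/usr/bin/memcached -u vscode -d` in the second hunk starts the daemon without a listen address, so it binds to memcached's default, which on stock builds is all interfaces on port 11211 with no authentication. If only processes inside this container use the cache, pin it to loopback with `/usr/bin/memcached -u vscode -l 127.0.0.1 -d`. Also, `-u` only takes effect when memcached is launched as root, so if this script now runs as `vscode` the flag is redundant and could be dropped or explained in a comment.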