Visual Studio Code or vscode is a really great editor. One of its most advanced features that most other editors don't have is the VS Code Remote Development which can enable a bloat-free development-environment by leveraging Docker or other container solutions.
I found a bug report discussing this and why the open-source version(known as Code) does not support the powerful "remote development extension". Wearing a (small) tinfoil hat, I figured that it would be a good idea to isolate vscode itself into a container for 2 purposes:
- To test if the binary does any undisclosed things like making perpetual pings back home(in a future blog post)
- Seeing if a containerized-vscode can speak to other containers via SSH(SSH is 1 of the supported protocols for non-Docker containers)
I use a Linux-based distro as the host and I am not sure if this will apply to Mac/Windows because of the X11-forwarding that is needed. (If this does work on your Windows/Mac PC, send me an email and I'll update this post with your commands).
- LXC, SSH (on the host)
- Some familiarity with the commandline
- Ubuntu 20.04(container)
You can use the following article to install LXC
Creating/Accessing the Ubuntu 20.04 container
To create the Ubuntu 20.04 container, run the following command(from the host):
sudo lxc-create -n vscode -t download -- --dist ubuntu --release focal --arch amd64
-n vscode- the name of the container
--dist ubuntu- Ubuntu as the OS
--release focal- 20.04 as the release
--arch amd64- x86-64bit as the architecture
This process should take a while(depending on internet speed). Once it is complete, start the container using:
sudo lxc-start -n vscode -d
And access a shell of the container using:
sudo lxc-attach -n vscode
If you enter as
root, use the following to enter as the user:
(Note 1: this shell is not the same as an SSH connection, so X11-forwarding won't work via it, as far as I am aware)
sudo may not be needed for unprivileged containers, so if you don't need it, don't use it)
Installing required packages in the container
The container requires a number of packages in order to run a GUI application like vscode. For basic programs like
xclock, not as many packages were needed, but for vscode, the installation might feel 'bloated'. Install the following(after 'attaching' the container and being in the container shell):
sudo apt update sudo apt upgrade sudo apt install xauth ssh
xauth might already be installed)
Now install some of the other required packages:
sudo apt-get install libxss1 libxshmfence1 libxext-dev libxrender-dev libxslt1.1 libgconf-2-4 libnotify4 libnspr4 libnss3 libnss3-dev libnss3-tools libxtst-dev libgtk2.0-0 libcanberra-gtk-module software-properties-common gnupg2
I am not sure what half of these are for, but the reference for why I needed to install them is here: docker-vscode Dockerfile. I attempted to install the least amount of packages to get vscode running. Prior to installing these packages, vscode was not working.
Configuring SSH in the container
First we will give the
ubuntu user a password. I found that even though the container
ubuntu user seems to have 'ubuntu' as a password, this password didn't work when trying to SSH into the container(from the host). Run(while in the container):
sudo passwd ubuntu
I used 'ubuntu' for the new password(just to simplify the installation).
Before connecting to the container via SSH, the SSH needs to be configured with the appropriate changes.
Open the SSH config file:
sudo vim /etc/ssh/sshd_config
Only the changes will be shown below. Please look for these lines in the
sshd_config file and change them appropriately(some of them also require that the
# be removed, otherwise the line remains commented):
PasswordAuthentication yes X11Forwarding yes X11DisplayOffset 10
vim editor and now restart the SSH service:
sudo systemctl restart sshd
You can confirm SSH is working by running:
sudo systemctl status sshd
Now we can test if it is possible to SSH into the container from the host(you can just open a new tab/window in your terminal). First find the IP address of the container(run this on the host):
sudo lxc-info -n vscode
The output should give you a local IP address to connect to the container. This IP should be similar to your host IP. Example:
Now that we have the container IP, run the following command(from the host):
The SSH prompt should say the following:
The authenticity of host '<container-IP> (<container-IP>)' can't be established. ED25519 key fingerprint is SHA256:fXFuBKAXm2HgFGuKVFpu+bRIR/2tzxBIWVH+dkQh9KE. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])?
Then you will be prompted to enter the password for user
ubuntu, enter: 'ubuntu'
You should now be in the container via SSH if successful.
Installing vscode in the container
The vscode website provides an adequate explanation for installing vscode on linux, but I preferred this installation method: How to Install Visual Studio Code on Ubuntu 20.04. I will reproduce the installation below for convenience.
Add the Microsoft repo(while in the container):
wget -q https://packages.microsoft.com/keys/microsoft.asc -O- | sudo apt-key add -
The only output to confirm everything worked is the word:
Now add the repo:
sudo add-apt-repository "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main"
and now install vscode(I installed
code-insiders to be at a more "bleeding-edge" version of vscode, but installing the stable version should work as well. If the stable doesn't work, install the
code-insiders, as it may have fixed some bugs):
sudo apt install code-insiders
If you wish, you can restart the container now(as restarting always seems to 'fix' things even if they are working).
SSH and start vscode
Now from the host, we connect to the container with X-forwarding enabled using this command:
After entering the password 'ubuntu', we should now be in the container once again. Now run this command(while in the container):
vscode will now start and the display should look like:
Conclusion and next steps
In the next article, I will investigate how to opt-out of Windows tracking in vscode(I thought it was supposed to be opt-in as per GDPR). I will also look at what network calls are made before/after opting-out to see how much data is still harvested by this proprietary binary and perhaps also add some rules to block the application from making any network calls at all.
If you don't know how to use RSS and want email updates on my new content, consider Joining my Newsletter
The original content of this blog is a Waqf solely for the Pleasure of Allah. You are hereby granted full permission to copy, download, distribute, publish and share this content without modification under condition that full attribution is given to this author by creating a link either above or below the content that links back to the original source of the content. For any questions or ambiguity, you are requested to contact me via email for clarification.