How to install Visual Studio Code(VSCode) inside an LXC container

Visual Studio Code or vscode is a really great editor. One of its most advanced features that most other editors don't have is the VS Code Remote Development which can enable a bloat-free development-environment by leveraging Docker or other container solutions.

However, licensing issues(explained here and here) means that the only version of vscode that works with the "remote development extension" is the binary(or closed-source) version.

I found a bug report discussing this and why the open-source version(known as Code) does not support the powerful "remote development extension". Wearing a (small) tinfoil hat, I figured that it would be a good idea to isolate vscode itself into a container for 2 purposes:

1. To test if the binary does any undisclosed things like making perpetual pings back home(in a future blog post)
2. Seeing if a containerized-vscode can speak to other containers via SSH(SSH is 1 of the supported protocols for non-Docker containers)

Pre-requisites

I use a Linux-based distro as the host and I am not sure if this will apply to Mac/Windows because of the X11-forwarding that is needed. (If this does work on your Windows/Mac PC, send me an email and I'll update this post with your commands).

• LXC, SSH (on the host)
• Some familiarity with the commandline
• Ubuntu 20.04(container)

You can use the following article to install LXC

Creating/Accessing the Ubuntu 20.04 container

To create the Ubuntu 20.04 container, run the following command(from the host):

sudo lxc-create -n vscode -t download -- --dist ubuntu --release focal --arch amd64

• -n vscode - the name of the container
• --dist ubuntu - Ubuntu as the OS
• --release focal - 20.04 as the release
• --arch amd64 - x86-64bit as the architecture

This process should take a while(depending on internet speed). Once it is complete, start the container using:

sudo lxc-start -n vscode -d

And access a shell of the container using:

sudo lxc-attach -n vscode

If you enter as root, use the following to enter as the user: su ubuntu

(Note 1: this shell is not the same as an SSH connection, so X11-forwarding won't work via it, as far as I am aware) (Note 2: sudo may not be needed for unprivileged containers, so if you don't need it, don't use it)

Installing required packages in the container

The container requires a number of packages in order to run a GUI application like vscode. For basic programs like xclock, not as many packages were needed, but for vscode, the installation might feel 'bloated'. Install the following(after 'attaching' the container and being in the container shell):

sudo apt update
sudo apt upgrade
sudo apt install xauth ssh

(xauth might already be installed)

Now install some of the other required packages:

sudo apt-get install libxss1 libxshmfence1 libxext-dev libxrender-dev libxslt1.1 libgconf-2-4 libnotify4 libnspr4 libnss3 libnss3-dev libnss3-tools libxtst-dev libgtk2.0-0 libcanberra-gtk-module software-properties-common gnupg2

I am not sure what half of these are for, but the reference for why I needed to install them is here: docker-vscode Dockerfile. I attempted to install the least amount of packages to get vscode running. Prior to installing these packages, vscode was not working.

Configuring SSH in the container

First we will give the ubuntu user a password. I found that even though the container ubuntu user seems to have 'ubuntu' as a password, this password didn't work when trying to SSH into the container(from the host). Run(while in the container):

sudo passwd ubuntu

I used 'ubuntu' for the new password(just to simplify the installation).

Before connecting to the container via SSH, the SSH needs to be configured with the appropriate changes.

Open the SSH config file:

sudo vim /etc/ssh/sshd_config

Only the changes will be shown below. Please look for these lines in the sshd_config file and change them appropriately(some of them also require that the # be removed, otherwise the line remains commented):

PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10

Exit the vim editor and now restart the SSH service:

sudo systemctl restart sshd

You can confirm SSH is working by running:

sudo systemctl status sshd

Now we can test if it is possible to SSH into the container from the host(you can just open a new tab/window in your terminal). First find the IP address of the container(run this on the host):

sudo lxc-info -n vscode

The output should give you a local IP address to connect to the container. This IP should be similar to your host IP. Example:

Host IP: 10.0.4.1

Container IP: 10.0.4.62

Now that we have the container IP, run the following command(from the host):

ssh ubuntu@<container-IP>

The SSH prompt should say the following:

The authenticity of host '<container-IP> (<container-IP>)' can't be established.
ED25519 key fingerprint is SHA256:fXFuBKAXm2HgFGuKVFpu+bRIR/2tzxBIWVH+dkQh9KE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Enter: yes

Then you will be prompted to enter the password for user ubuntu, enter: 'ubuntu'

You should now be in the container via SSH if successful.

Installing vscode in the container

The vscode website provides an adequate explanation for installing vscode on linux, but I preferred this installation method: How to Install Visual Studio Code on Ubuntu 20.04. I will reproduce the installation below for convenience.

Add the Microsoft repo(while in the container):

wget -q https://packages.microsoft.com/keys/microsoft.asc -O- | sudo apt-key add -

The only output to confirm everything worked is the word: OK

Now add the repo:

sudo add-apt-repository "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main"

and now install vscode(I installed code-insiders to be at a more "bleeding-edge" version of vscode, but installing the stable version should work as well. If the stable doesn't work, install the code-insiders, as it may have fixed some bugs):

sudo apt install code-insiders

If you wish, you can restart the container now(as restarting always seems to 'fix' things even if they are working).

SSH and start vscode

Now from the host, we connect to the container with X-forwarding enabled using this command:

ssh ubuntu@<container-IP>

After entering the password 'ubuntu', we should now be in the container once again. Now run this command(while in the container):

code-insiders --disable-gpu

vscode will now start and the display should look like:

Conclusion and next steps

In the next article, I will investigate how to opt-out of Windows tracking in vscode(I thought it was supposed to be opt-in as per GDPR). I will also look at what network calls are made before/after opting-out to see how much data is still harvested by this proprietary binary and perhaps also add some rules to block the application from making any network calls at all.

References

Linux Containers LXC page How to forward X over SSH to run graphics applications remotely? How to run GUI applications in an LXC Container How to start a GUI software on a remote Linux PC via SSH