From 736e9ff05c95a630f7f950565a85ea3b656d6916 Mon Sep 17 00:00:00 2001
From: Ratchanan Srirattanamet <peathot@hotmail.com>
Date: Mon, 3 Mar 2025 11:31:54 +0000
Subject: [PATCH] .devcontainer: add commands to adjust permissions under
 Codespaces

This commit does 2 things:

- Remove "default permission" from ACL table of /tmp. This is to prevent
  "error: suspicious ownership or permission on '<...>' for output
  'out'; rejecting this build output" error. See:
  https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525
- Set permission of /dev/kvm so that it can be used by NixOS tests.

Note that this is tested on GitHub Codespaces only; I'm not sure how
VSCode's local devcontainer handling will react. Although I've added a
guard code in case /dev/kvm does not exist in that environment.
---
 .devcontainer/devcontainer.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 02b2f9f0273d..bc54d8698499 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -9,6 +9,10 @@
       "extraNixConfig": "experimental-features = nix-command flakes,sandbox = true"
     }
   },
+  // Fixup permissions inside container.
+  // https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525
+  "postCreateCommand": "sudo apt-get install -y acl",
+  "postStartCommand": "sudo setfacl -k /tmp; if [ -e /dev/kvm ]; then sudo chgrp $(id -g) /dev/kvm; fi",
   "customizations": {
     "vscode": {
       "extensions": [