#Apps attachted to subsystems run under root

For dev purposes I have created some subsystems with a custom home directory, namely dev-yocto at /home/myuser/yocto-home based on debian:stable and dev-gtk at /home/myuser/gtk-home based on vanilla-dev.
The main idea is to have individual .vscode-server folders cause otherwise VScode can't attach to the containers reliably.
The problem is regardless of which app I attach to a given subsystem, I run as root in that subsystem, leaving behind all sorts of files owned by root in my /home.
This is especially annoying when you work on source code and your .git/HEAD is suddenly owned by root.
I'm assuming this is just normal Podman, or even Docker, behavior but is there any way to have those apps running as my user instead when they attach? (Yes, su myuser in the vscode terminal works, but the app itself still runs as root)

Edit: Yes, I use the Remote Container Development stuff

Podman doesn't have root access, so this shouldn't be possible at all

Is the file still owned by root if you run host-shell ls -lh in the folder where your root owned file is?

You are using Vanilla os right? Not some other distro with a custom apx install

 mark@tuf-f17:~/test$ ls -fl
total 4
drwxrwxr-x 1 mark   mark     16 Mär 12 19:12 .
drwx------ 1 mark   mark   1068 Mär 12 19:09 ..
-rw-r--r-- 1 165536 165536    7 Mär 12 19:12 test.txt
mark@tuf-f17:~/test$ 

It seems to be owned by insert check notes joke here lol

This is the latest Vanilla release.

ABRoot Partitions:
 • Present: vos-b ✓
 • Future: vos-a

Loaded Configuration: /etc/abroot/abroot.json

Device Specifications:
 • CPU: Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz
 • GPU: [Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) NVIDIA Corporation TU117M [GeForce GTX 1650 Ti Mobile] (rev a1)]
 • Memory: 15835 MB

ABImage:
 • Digest: sha256:e2fefb16dc0387312fca46ab8e5af7b09a6fd3d44f91bc2801742fdeb363a23f
 • Timestamp: 2025-03-03 15:37:59
 • Image: ghcr.io/vanilla-os/nvidia-exp:main

Kernel Arguments: quiet splash bgrt_disable $vt_handoff lsm=integrity

Packages:
 • Added: 
 • Removed: 
 • Unstaged: 

Package agreement: true

Okay so it's not really root, it's just looking like a root owned from inside the container

Checking if I can replicate it

What happens if you create the file via the touch command ?

Still owned as root?

Through vscode yes.

note that I did not su root or anything

Also if you do it from a normal commandline?

then it is my user

Oh wait I think I misunderstood the entire time how you were working

You use the flatpak vscode with the remote working feature to work inside the containers?

Oh my bad, that's indeed how I want this to work

Okay, I don't have any plan how that works inside vscode then

What you can do instead of what I and most others do is either installing vscode directly inside the container or use the dev container feature somehow

how is the server started inside the subsystem?

Well, yes it is just the Dev Container extension, which is a subset of the whole Remote Development bs from MS. On Flathub there's an extension for VScode to add podman-remote to the application and I've pointed the Docker path at podman-remote.

I think its the extension which connects as root

https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user

Have you seen this?

I have not seen this yet 👀