🚑 [HotFix] Fix dev environment for CPU Docker #3160

Open. Wants to merge 6 commits into base: main

@yhna940 (Contributor) commented Oct 12, 2024

What does this PR do?

This PR fixes the development environment setup for the CPU Docker configuration.

  • Grant Specific Permissions for the Non-Root User
  • Updated onCreateCommand in .devcontainer/devcontainer.json to include make installation, resolving dependency issues during setup.

Motivation:

Currently, attempting to build the dev container with the CPU Docker image leads to permission errors during onCreateCommand, such as:

[433685 ms] Start: Run in container: /bin/sh -c apt-get update && apt-get install -y git && pip install -e '.[dev]'
Reading package lists... Done
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
[433789 ms] onCreateCommand failed with exit code 100. Skipping any further user-provided commands.
[433269 ms] Error: Command failed: /bin/sh -c apt-get update && apt-get install -y git && pip install -e '.[dev]'
[433269 ms]     at G7 (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:235:130)
[433269 ms]     at async tm (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:227:4483)
[433269 ms]     at async $w (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:227:3828)
[433269 ms]     at async em (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:227:2835)
[433269 ms]     at async GrA (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:666:2752)
[433269 ms]     at async LrA (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:665:8554)
[433269 ms]     at async /root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:482:1190
[433273 ms] Exit code 1

This error occurs because onCreateCommand tries to update and install packages without sufficient permissions. By granting specific permission for the non-root user, this PR ensures that the setup process completes without errors, providing a stable development environment.

Comment on lines 30 to 31
RUN useradd -ms /bin/bash user
USER user
Collaborator

Generally, for security, it is bad practice not to create a user in the Docker image. Is there another solution we can try instead?

Contributor Author

Thank you for your feedback, and I fully agree with your point. Not setting up a non-root user was indeed a critical issue. Instead, I’ve configured the container to grant limited sudo permissions for apt-get and pip commands to the user, which allows necessary installations while maintaining security.

I’ve verified that the package is accessible within the container as expected:

user@f6ece721f352:/workspaces/accelerate$ pip show accelerate
Name: accelerate
Version: 1.1.0.dev0
Summary: Accelerate
Home-page: https://github.com/huggingface/accelerate
Author: The HuggingFace team
Author-email: [email protected]
License: Apache
Location: /opt/venv/lib/python3.9/site-packages
Requires: huggingface-hub, numpy, packaging, psutil, pyyaml, safetensors, torch
Required-by:

Thanks for guiding me towards a more secure solution!
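
An added example, not part of the PR or the accelerate repository: a small Python audit of a sudoers fragment for the kind of grant described in the comment above. Package installers execute package-supplied scripts with the privileges they run under, so a rule letting a user run apt-get or pip through sudo is worth flagging in review. The sample fragment, its user names and the function name audit_sudoers are constructed for illustration.

```python
import os
import re

# Installers run package-supplied code (maintainer scripts, build hooks)
# with whatever privileges sudo gives them.
INSTALLERS = {"apt", "apt-get", "dpkg", "pip", "pip3"}
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"\b(?:NOPASSWD|PASSWD|SETENV|NOSETENV|EXEC|NOEXEC):\s*")

# Constructed sample; the PR's actual sudoers rule is not shown on the page.
SAMPLE = """\
user ALL=(root) NOPASSWD: /usr/bin/apt-get, /opt/venv/bin/pip
ci   ALL=(ALL) /usr/bin/systemctl restart app
dev  ALL=(ALL:ALL) NOPASSWD: ALL
"""

def audit_sudoers(text):
    """Return one finding per grant of ALL or of a package installer."""
    findings = []
    # Join continuation lines, then skip comments, Defaults and alias definitions.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        # sudo runs the command as root when the rule names no run-as user.
        who, runas, spec = m.group(1), m.group(2) or "root", m.group(3)
        nopasswd = "NOPASSWD:" in spec
        # Simplification: commas escaped inside command arguments are not handled.
        for cmd in TAG.sub("", spec).split(","):
            binary = cmd.split()[0] if cmd.split() else ""
            if binary == "ALL":
                reason = "unrestricted command set"
            elif os.path.basename(binary) in INSTALLERS:
                reason = "installer executes package-supplied scripts"
            else:
                continue
            findings.append({"user": who, "command": binary, "runas": runas,
                             "nopasswd": nopasswd, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE):
        print(f"{f['user']}: {f['command']} as {f['runas']} "
              f"(NOPASSWD={f['nopasswd']}): {f['reason']}")
```

Where the packages are known ahead of time, installing them as root during the image build, before the USER instruction, avoids the sudo rule altogether.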

@HuggingFaceDocBuilderDev

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.
