A technical guide to bridging the Flatpak sandbox for VS Code on Bazzite. It covers using host-spawn for Podman Dev Container support and configuring D-Bus permissions for KWallet/Copilot integration.

Bazzite-VSCode-Dev-Setup.md

VS Code Flatpak Setup: Podman & KWallet (Bazzite/KDE)

This guide explains how to grant the Flatpak version of Visual Studio Code access to Podman (for Dev Containers) and the KWallet keyring (for GitHub Copilot) on Bazzite KDE.

1. Enabling Podman for Flatpak VS Code

Since VS Code runs in a sandbox, it cannot directly access the host's Podman binary. We use host-spawn to bridge this gap.

Binary Preparation

1. Download the latest host-spawn-x86_64 from the GitHub Releases.
2. Create the target directory and copy the binary:

# Create the directory inside the VS Code sandbox
mkdir -p ~/.var/app/com.visualstudio.code/data/node_modules/bin/

# Copy the file (adjust the source path if your download folder differs)
cp ~/Downloads/host-spawn-x86_64 ~/.var/app/com.visualstudio.code/data/node_modules/bin/host-spawn

# Set permissions and create a symlink for podman
cd ~/.var/app/com.visualstudio.code/data/node_modules/bin/
chmod +x host-spawn
ln -s host-spawn podman

Configure VS Code Settings

Add the following lines to your settings.json in VS Code so the Dev Containers extension uses the new path:

{
    "dev.containers.dockerComposePath": "podman-compose",
    "dev.containers.dockerPath": "podman",
    "dev.containers.dockerSocketPath": "/var/run/podman.sock"
}

---

2. KWallet Permissions (for Copilot Secrets)

To allow VS Code to persistently store credentials (e.g., for GitHub Copilot) in KDE Plasma, the sandbox needs access to the Secret Service.

Via Terminal (Recommended)

Run this command to set the necessary D-Bus permissions:

flatpak override --user --talk-name=org.freedesktop.secrets --talk-name=org.kde.kwalletd6 com.visualstudio.code

Alternative: Manually via Flatseal

If you prefer a graphical interface:

1. Open Flatseal and select Visual Studio Code.
2. Scroll to the Session Bus → Talk section.
3. Add the following two entries:

• org.freedesktop.secrets
• org.kde.kwalletd6

---

3. User Mappping

When attaching VS Code to a Distrobox, you might run into find yourself logged in as the root user.

Enable Host User Mapping

To ensure VS Code uses your host's username and permissions inside the container, add this to:

Dev Container > Open Attached Container Configuration File

"remoteUser": "${localEnv:USER}"

4. Resetting the VS Code Server

If you recreate a Distrobox, delete one, or change your user settings, the VS Code backend inside the container (~/.vscode-server) often gets corrupted or points to a non-existent environment.

Option A: The "Clean" Way (Within VS Code)

If you can still open VS Code, use the built-in command to avoid deleting everything manually:

1. Press Ctrl + Shift + P.
2. Search for: Dev-Containers: Clean Up Dev Containers.
3. Follow the prompts to remove unused container data.

Option B: The "Nuclear" Way (Terminal)

If the connection fails or you have persistent permission errors, manually delete the server directory. VS Code will automatically reinstall it (cleanly) the next time you connect:

# Run this on your host terminal
rm -rf ~/.vscode-server

Tip

When is this necessary? > You should definitely run this if you deleted a Distrobox and created a new one with the same name, or if you encounter "Permission Denied" errors during the "Starting VS Code Server" phase.

5. Disable Automatic Port Forwarding

some dev servers like NextJs have problems using the automatic port forwarding, you can disable it using the following commands:

{
     "remote.autoForwardPorts": false,
     "remote.forwardOnOpen": false,
     "remote.portsAttributes": {
        "*": {
          "onAutoForward": "ignore"
        }
      },
}