microsoft
Dev Containers fails safe.directory detection when folder path contains square brackets on Windows
- VSCode Version: 1.101.0
- Local OS Version: Windows 11 24H2 26100.4351
- Remote OS Version: Debian (devcontainer image:
mcr.microsoft.com/devcontainers/python:1-3.12-bullseye) - Remote Extension/Connection Type: Dev Containers
Steps to Reproduce:
- Clone or create a Git repo inside a path with square brackets, e.g.
C:\[Test]\MyRepo - Open the folder with "Dev Containers: Open Folder in Container"
- Observe that
safe.directoryis not added - Run
git statusin the container →fatal: detected dubious ownership in repository - Rename the folder to remove brackets and repeat → it works as expected
Likely explanation:
When opening a folder with Dev Containers, the extension runs the following PowerShell command:
powershell -NoProfile -NonInteractive -Command (Get-Acl .).Owner
to determine whether the current Windows user owns the folder.
This can fail when the working directory path contains special characters like square brackets ([ ]), as PowerShell may not resolve the relative path (.) correctly. As a result, the command can return an unexpected or incorrect owner value.
The extension then assumes the folder is not owned by the current user, skips adding it to safe.directory, and Git reports a “dubious ownership” error inside the container.
Possible solution:
I think this could be resolved by replacing the use of (.) with an explicit absolute path inside single quotes and using -LiteralPath, like this:
powershell -NoProfile -NonInteractive -Command "(Get-Acl -LiteralPath '${path.replace(/'/g, "''")}').Owner"
(If the path is built dynamically, single quotes inside it must be escaped by doubling them - e.g. ' → '' — to avoid PowerShell syntax errors)
This ensures the path is interpreted literally and prevents PowerShell from misparsing valid folder names that contain special characters.
There are also other places in the extension where PowerShell commands are used to operate on paths. These could be affected as well.
Container log when in a folder with brackets:
[11686 ms] safe.directory: Looking up root folder for workspace folder '/workspaces/OpenHands'.
[11686 ms] Start: Run in container: command -v git >/dev/null 2>&1 && ROOT_FOLDER="$(git -C '/workspaces/OpenHands' rev-parse --show-toplevel)" && test "$(stat -c %u "$ROOT_FOLDER")" != "$(id -u)" && echo -n "$ROOT_FOLDER"
[11701 ms]
[11701 ms] fatal: detected dubious ownership in repository at '/workspaces/OpenHands'
To add an exception for this directory, call:
git config --global --add safe.directory /workspaces/OpenHands
[11701 ms] Exit code 128
[11702 ms] safe.directory: Checking host ownership of root folder '/workspaces/OpenHands' at mount point '/workspaces/OpenHands'.
[11702 ms] Start: Run: powershell -NoProfile -NonInteractive -Command (Get-Acl .).Owner
[11906 ms] NT SERVICE\TrustedInstaller
[11906 ms]
[11906 ms] Start: Run: powershell -NoProfile -NonInteractive -Command [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
[12073 ms] VM-W11\llamantino
[12073 ms]
[12073 ms] safe.directory: 'c:\[Test]\OpenHands' owned by 'NT SERVICE\TrustedInstaller', current user is 'VM-W11\llamantino'.
[12074 ms] Start: Updating configuration state
[12077 ms] Start: Setup shutdown monitor
[12078 ms] Forking shutdown monitor: c:\Users\llamantino\.vscode\extensions\ms-vscode-remote.remote-containers-0.417.0\dist\shutdown\shutdownMonitorProcess \\.\pipe\vscode-remote-containers-1d2a7b3a-c59f-4f22-80f5-ae0efaf10ad2-sock singleContainer Debug c:\Users\llamantino\AppData\Roaming\Code\logs\20250613T151208\window8\exthost\ms-vscode-remote.remote-containers 1749916669931
[12096 ms] Start: Run in container: test -d '/home/vscode/.vscode-server'
Container log when in a folder without brackets:
[11840 ms] safe.directory: Looking up root folder for workspace folder '/workspaces/OpenHands'.
[11840 ms] Start: Run in container: command -v git >/dev/null 2>&1 && ROOT_FOLDER="$(git -C '/workspaces/OpenHands' rev-parse --show-toplevel)" && test "$(stat -c %u "$ROOT_FOLDER")" != "$(id -u)" && echo -n "$ROOT_FOLDER"
[11856 ms]
[11856 ms] fatal: detected dubious ownership in repository at '/workspaces/OpenHands'
To add an exception for this directory, call:
git config --global --add safe.directory /workspaces/OpenHands
[11856 ms] Exit code 128
[11856 ms] safe.directory: Checking host ownership of root folder '/workspaces/OpenHands' at mount point '/workspaces/OpenHands'.
[11856 ms] Start: Run: powershell -NoProfile -NonInteractive -Command (Get-Acl .).Owner
[12064 ms] VM-W11\llamantino
[12064 ms]
[12064 ms] Start: Run: powershell -NoProfile -NonInteractive -Command [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
[12232 ms] VM-W11\llamantino
[12232 ms]
[12232 ms] safe.directory: 'c:\Test\OpenHands' owned by 'VM-W11\llamantino', current user is 'VM-W11\llamantino'.
[12232 ms] safe.directory: Root folder '/workspaces/OpenHands' owned by current user on host but not owned by remote user in container. Adding to safe directory list in Git system config.
[12233 ms] Start: Run in container: /bin/sh
[12252 ms] Start: Run in container: git config --system --get-all safe.directory | grep -x '/workspaces/OpenHands' || git config --system --add safe.directory '/workspaces/OpenHands'
[12398 ms]
[12398 ms]
[12398 ms] Start: Updating configuration state
[12400 ms] Start: Setup shutdown monitor
[12400 ms] Forking shutdown monitor: c:\Users\llamantino\.vscode\extensions\ms-vscode-remote.remote-containers-0.417.0\dist\shutdown\shutdownMonitorProcess \\.\pipe\vscode-remote-containers-bce56ad8-0e05-42fd-8c80-aeb6371d9d22-sock singleContainer Debug c:\Users\llamantino\AppData\Roaming\Code\logs\20250613T151208\window9\exthost\ms-vscode-remote.remote-containers 1749925096726
[12413 ms] Start: Run in container: test -d '/home/vscode/.vscode-server'
Tagging @chrmarti for awareness, as this seems related to previous safe.directory handling logic issue in #10736.
Does this issue occur when you try this locally?: Yes Does this issue occur when you try this locally and all extensions are disabled?: Yes
