diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 18e2fb4bf12300560361792a25afa69f38a6cbba..39abc2882f6e58c8386869b3470df6fbedfaffb3 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,15 +1,18 @@
 {
   "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
-  "hostRequirements": {
-    "cpus": 4,
-    "memory": "7gb",
-    "storage": "32gb"
-  },
   "name": "Renovate",
   "dockerFile": "Dockerfile",
   "features": {
     "ghcr.io/devcontainers/features/common-utils:2": {}
   },
+  "capAdd": ["SYS_PTRACE"],
+  "privileged": true,
+  "securityOpt": ["seccomp=unconfined"],
+  "hostRequirements": {
+    "cpus": 4,
+    "memory": "7gb",
+    "storage": "32gb"
+  },
   "customizations": {
     "vscode": {
       "extensions": [
@@ -21,13 +24,7 @@
       ]
     }
   },
-  "runArgs": [
-    "--cap-add=SYS_PTRACE",
-    "--security-opt",
-    "seccomp=unconfined",
-    "--privileged"
-  ],
-  "postCreateCommand": "yarn install",
+  "postCreateCommand": [".devcontainer/post-create.sh"],
   // Otherwise jest watcher fails because deps were not installed yet
   "waitFor": "postCreateCommand"
 }
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
new file mode 100755
index 0000000000000000000000000000000000000000..dc31aca81aa0917d0d187316e3726fa78079bab9
--- /dev/null
+++ b/.devcontainer/post-create.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+if [[ "${CODESPACES}" == true ]]; then
+  echo "Fixing permissions of /tmp for GitHub Codespaces..." >&2
+  sudo chmod 1777 /tmp
+fi
+
+set -x
+
+exec yarn install