updates

Dockerfile

@@ -1,5 +1,5 @@
 # Run Chrome in a container
-FROM ubuntu:xenial
+FROM ubuntu:zesty
 MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
 
 # To avoid problems with Dialog and curses wizards

docker-compose.yml

@@ -1,7 +1,4 @@
-version: '2.1'
-
-# Initialize
-# docker run --rm -ti -v chrome_data:/data busybox /bin/sh -c "chown 1000:1000 /data"
+version: '2'
 
 volumes:
   data: {}
@@ -9,7 +6,8 @@ volumes:
 
 services:
   chrome:
-    image: andrey01/chrome
+    image: local/chrome
+    build: .
     network_mode: bridge
     devices:
       - /dev/dri
@@ -33,13 +31,11 @@ services:
     # more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
     cap_add:
       - SYS_ADMIN
+      - IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
+    # Turns off anonymous page swapping
+    mem_swappiness: 0
+    # shm_size: 4G
+    # mem_limit: 4G
     # security_opt:
       # - apparmor:docker-ptrace
       # - apparmor:unconfined
-    # fixes the: grsec: denied resource overstep by requesting 28 for RLIMIT_NICE against limit 0 for /opt/google/chrome/chrome
-    ulimits:
-      nice: 28
-    shm_size: 4G
-    mem_limit: 4G
-    # Turns off anonymous page swapping
-    mem_swappiness: 0