|
|
|
@ -1,7 +1,4 @@
|
|
|
|
|
version: '2.1'
|
|
|
|
|
|
|
|
|
|
# Initialize
|
|
|
|
|
# docker run --rm -ti -v chrome_data:/data busybox /bin/sh -c "chown 1000:1000 /data"
|
|
|
|
|
version: '2'
|
|
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
|
data: {}
|
|
|
|
@ -9,7 +6,8 @@ volumes:
|
|
|
|
|
|
|
|
|
|
services:
|
|
|
|
|
chrome:
|
|
|
|
|
image: andrey01/chrome
|
|
|
|
|
image: local/chrome
|
|
|
|
|
build: .
|
|
|
|
|
network_mode: bridge
|
|
|
|
|
devices:
|
|
|
|
|
- /dev/dri
|
|
|
|
@ -33,13 +31,11 @@ services:
|
|
|
|
|
# more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
|
|
|
|
|
cap_add:
|
|
|
|
|
- SYS_ADMIN
|
|
|
|
|
- IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
|
|
|
|
|
# Turns off anonymous page swapping
|
|
|
|
|
mem_swappiness: 0
|
|
|
|
|
# shm_size: 4G
|
|
|
|
|
# mem_limit: 4G
|
|
|
|
|
# security_opt:
|
|
|
|
|
# - apparmor:docker-ptrace
|
|
|
|
|
# - apparmor:unconfined
|
|
|
|
|
# fixes the: grsec: denied resource overstep by requesting 28 for RLIMIT_NICE against limit 0 for /opt/google/chrome/chrome
|
|
|
|
|
ulimits:
|
|
|
|
|
nice: 28
|
|
|
|
|
shm_size: 4G
|
|
|
|
|
mem_limit: 4G
|
|
|
|
|
# Turns off anonymous page swapping
|
|
|
|
|
mem_swappiness: 0
|
|
|
|
|