diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8fce603 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +data/ diff --git a/Dockerfile b/Dockerfile index 5ed3519..5615c16 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ # Run Chrome in a container -FROM ubuntu:zesty -MAINTAINER Andrey Arapov +FROM ubuntu:bionic # To avoid problems with Dialog and curses wizards ENV DEBIAN_FRONTEND noninteractive @@ -49,10 +48,9 @@ ENV GROUPS video,audio ENV UID 1000 ENV HOME /home/$USER -RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER && \ - su -s /bin/sh -l $USER -c 'mkdir -p $HOME/.pki/nssdb $HOME/.local' - +RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER WORKDIR $HOME COPY launch /launch ENTRYPOINT [ "sh", "/launch" ] +LABEL maintainer="Andrey Arapov " diff --git a/LICENSE b/LICENSE index 11239ec..d7ebd36 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2016, Andrey Arapov +Copyright (c) 2016,2017,2018, Andrey Arapov Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above diff --git a/README.md b/README.md index fa45cbb..08fa0a4 100644 --- a/README.md +++ b/README.md @@ -2,16 +2,9 @@ ### versions -- google-chrome-stable (50.0.2661.102-1) +- google-chrome-stable (71.0.3578.98-1) - google-talkplugin (5.41.0.0-1) - -First initialize the data volume - -``` -docker run --rm -ti -v chrome_data:/data busybox /bin/sh -c "chown 1000:1000 /data" -``` - Launch the Chrome ``` diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..3dfe778 --- /dev/null +++ b/TODO.md @@ -0,0 +1,3 @@ +## TODO + +- enable hardware acceleration diff --git a/data/.keep b/data/.keep new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose.yml b/docker-compose.yml index ff503ea..8f00723 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
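Review bot: The home directory that `useradd -m` creates in the second Dockerfile hunk is hidden at run time by the `./data:/home/user` bind mount that docker-compose.yml gains in this commit, so its ownership comes from the host checkout rather than from the image. With `ENV UID 1000` fixed and the README's `chown 1000:1000` step removed, a host account with a different uid will probably get a profile directory Chrome cannot write to, and the usual workaround is to loosen permissions on `./data`. I would add a comment above the `RUN useradd` line such as `# /home/user is bind-mounted from ./data at run time; the host directory must be owned by uid $UID`, or make the uid a build `ARG` so it can match the host user. The Dockerfile continues outside the hunk, so this is based only on the lines visible here.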
@@ -1,12 +1,8 @@ -version: '2' - -volumes: - data: {} - certs: {} +version: '3.7' services: chrome: - image: andrey01/chrome + init: true build: . network_mode: bridge devices: @@ -15,25 +11,20 @@ services: volumes: - /tmp/.X11-unix:/tmp/.X11-unix:ro - $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse - - data:/data - - certs:/home/user/.pki/nssdb + - ./data:/home/user - $HOME/Downloads:/home/user/Downloads - /var/run/cups:/var/run/cups:ro - /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro + - /etc/localtime:/etc/localtime:ro + - /etc/machine-id:/etc/machine-id:ro environment: - DISPLAY=unix$DISPLAY - PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native - # some webapps won't work when the timezone is not properly set, e.g. - # the ownCloud's (v9.0.0) calendar (v1.0.0.0) does not work correctly - # the same could happen with Icinga2 web interface - - TZ=Europe/Amsterdam # SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag # more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/ cap_add: - SYS_ADMIN - IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk. - # Turns off anonymous page swapping - mem_swappiness: 0 shm_size: 4G # mem_limit: 4G # security_opt: diff --git a/launch b/launch index 7f9382e..cab15ec 100644 --- a/launch +++ b/launch @@ -1,9 +1,3 @@ #!/usr/bin/env sh -mkdir /data $HOME/.pki/nssdb $HOME/.local 2>/dev/null -chown -Rh $USER:$USER /data $HOME/.pki/nssdb $HOME/.local - -# Befriend with grsecurity patched kernel -setfattr -n user.pax.flags -v m /opt/google/chrome/chrome - -su -s /bin/sh -c "/usr/bin/google-chrome --user-data-dir=/data $@" $USER +su -s /bin/sh -c "/usr/bin/google-chrome $@" $USER
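Review bot: The added `- /etc/machine-id:/etc/machine-id:ro` mount in the second docker-compose.yml hunk gives the browser container the host's machine ID, which systemd documents as confidential and not to be exposed to untrusted environments. If it is only there for D-Bus or PulseAudio (an inference, the commit does not say), a comment saying so would make the trade-off explicit; mounting a container-specific ID file instead would avoid exposing the host value. The same hunk removes `mem_swappiness: 0` but keeps the `IPC_LOCK` comment about preventing sensitive values from being swapped to disk. That capability only permits memory locking, so the comment now overstates what the configuration does and should be reworded, for example `# allows mlock(); swapping is no longer disabled for this container`.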
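Review bot: The new `su` line in launch still expands `$@` inside a double-quoted command string, so every argument is re-parsed by the inner `sh`, and one containing spaces or shell metacharacters (a URL with `&` or `;`, for instance) is split or interpreted instead of reaching Chrome intact. With more than one argument only the first stays inside the `-c` string and the rest become separate operands to `su` ahead of the unquoted `$USER`. With the `mkdir`, `chown` and `setfattr` steps removed, nothing visible in the script needs root any more. The image could therefore set `USER $USER` in the Dockerfile and this line could become `exec /usr/bin/google-chrome "$@"`. That keeps each argument as one word, and the entrypoint no longer starts as root in a container that is also granted `SYS_ADMIN`.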