Andy 2018-12-25 19:06:31 +01:00
parent 2e88a4c716
commit 8a13d4fe76
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
8 changed files with 15 additions and 35 deletions

1
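--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+data/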


@ -1,6 +1,5 @@
# Run Chrome in a container
FROM ubuntu:zesty
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
FROM ubuntu:bionic
# To avoid problems with Dialog and curses wizards
ENV DEBIAN_FRONTEND noninteractive
@ -49,10 +48,9 @@ ENV GROUPS video,audio
ENV UID 1000
ENV HOME /home/$USER
RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER && \
su -s /bin/sh -l $USER -c 'mkdir -p $HOME/.pki/nssdb $HOME/.local'
RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER
WORKDIR $HOME
COPY launch /launch
ENTRYPOINT [ "sh", "/launch" ]
LABEL maintainer="Andrey Arapov <andrey.arapov@nixaid.com>"
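Review bot: The image still defines no `USER`, so `ENTRYPOINT [ "sh", "/launch" ]` starts as root and only drops to the unprivileged account through `su` inside the script. In this commit the launch script appears to lose its root-only steps (the `chown` and `setfattr` calls), so the root phase no longer seems necessary. Adding `USER $USER` after the `useradd` line, and having `/launch` exec Chrome directly, would keep root out of the running container; that matters more here because the compose file grants `SYS_ADMIN`. The `ENV` lines that define `USER` sit above this hunk, so confirm the variable is set at that point.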


@ -1,4 +1,4 @@
Copyright (c) 2016, Andrey Arapov
Copyright (c) 2016,2017,2018, Andrey Arapov
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above


@ -2,16 +2,9 @@
### versions
- google-chrome-stable (50.0.2661.102-1)
- google-chrome-stable (71.0.3578.98-1)
- google-talkplugin (5.41.0.0-1)
First initialize the data volume
```
docker run --rm -ti -v chrome_data:/data busybox /bin/sh -c "chown 1000:1000 /data"
```
Launch the Chrome
```

3
TODO.md Normal file

@ -0,0 +1,3 @@
## TODO
- enable hardware acceleration

0
data/.keep Normal file


@ -1,12 +1,8 @@
version: '2'
volumes:
data: {}
certs: {}
version: '3.7'
services:
chrome:
image: andrey01/chrome
init: true
build: .
network_mode: bridge
devices:
@ -15,25 +11,20 @@ services:
volumes:
- /tmp/.X11-unix:/tmp/.X11-unix:ro
- $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
- data:/data
- certs:/home/user/.pki/nssdb
- ./data:/home/user
- $HOME/Downloads:/home/user/Downloads
- /var/run/cups:/var/run/cups:ro
- /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro
- /etc/localtime:/etc/localtime:ro
- /etc/machine-id:/etc/machine-id:ro
environment:
- DISPLAY=unix$DISPLAY
- PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
# some webapps won't work when the timezone is not properly set, e.g.
# the ownCloud's (v9.0.0) calendar (v1.0.0.0) does not work correctly
# the same could happen with Icinga2 web interface
- TZ=Europe/Amsterdam
# SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag
# more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
cap_add:
- SYS_ADMIN
- IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
# Turns off anonymous page swapping
mem_swappiness: 0
shm_size: 4G
# mem_limit: 4G
# security_opt:
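Review bot: `./data:/home/user` puts the container user's whole home directory, including the Chrome profile and `.pki/nssdb`, into a directory inside the checkout, and nothing visible sets its ownership or mode now that the README's `chown 1000:1000` step and the script's `chown` appear to be removed. This looks like the added volume line, so it deserves a comment such as `# ./data holds the browser profile (cookies, saved credentials); keep it owned by UID 1000 and mode 0700`, with a matching sentence in the README. The new `.gitignore` entry keeps the directory out of commits but does nothing about access by other local accounts. The hard-coded `1000` in `/run/user/1000/pulse` and `/tmp/krb5cc_1000` carries the same assumption about the host UID.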

8
launch

@ -1,9 +1,3 @@
#!/usr/bin/env sh
mkdir /data $HOME/.pki/nssdb $HOME/.local 2>/dev/null
chown -Rh $USER:$USER /data $HOME/.pki/nssdb $HOME/.local
# Befriend with grsecurity patched kernel
setfattr -n user.pax.flags -v m /opt/google/chrome/chrome
su -s /bin/sh -c "/usr/bin/google-chrome --user-data-dir=/data $@" $USER
su -s /bin/sh -c "/usr/bin/google-chrome $@" $USER
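Review bot: `$@` is expanded inside the double-quoted string handed to `su -c`, so every container argument is joined into one command line and parsed a second time by `/bin/sh`. A URL or flag containing spaces, `&`, `;` or `$(...)` is therefore split or interpreted as shell syntax instead of reaching Chrome verbatim. Going by the hunk header, the new script is only the shebang and this line, and nothing left in it needs root, so if the image runs as the unprivileged user the line can become `exec /usr/bin/google-chrome "$@"`, which preserves argument boundaries and lets Chrome receive signals directly. If `su` has to stay, pass the arguments as positional parameters to the inner shell rather than interpolating them into the `-c` string, and quote `"$USER"`.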