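---
# Compose file that runs a desktop Chrome inside a container, wired to the
# host's X11 display, PulseAudio, GPU, CUPS, D-Bus and Kerberos ticket cache.
#
# The file must stay one key per line: collapsed onto a single line, everything
# after the first '#' is a comment and only `version` is parsed.
version: '2'

# Initialize
# docker run --rm -ti -v chrome_data:/data busybox /bin/sh -c "chown 1000:1000 /data"
# NOTE(review): `chrome_data` presumably is the `data` volume below prefixed
# with the compose project name `chrome`; confirm for your project name.

volumes:
  data: {}
  certs: {}

services:
  chrome:
    # NOTE(review): no tag or digest is given, so this resolves to `:latest`
    # and the image content can change between pulls. Pin a tag or a digest
    # you have verified if you need reproducible, auditable deployments.
    image: andrey01/chrome
    # Root filesystem is read-only; writable state is limited to the mounts
    # listed under `volumes`.
    read_only: true
    network_mode: bridge
    devices:
      - /dev/dri
      # - /dev/video0
    # $XDG_RUNTIME_DIR, $HOME and $DISPLAY are substituted by compose from the
    # invoking shell; an unset variable expands to an empty string, which
    # changes the host path being mounted. Paths assume host uid 1000.
    volumes:
      # X11 does not isolate clients that share a display, and `:ro` on a
      # socket's directory does not stop the container connecting to it.
      # Treat the browser as able to interact with other windows on $DISPLAY.
      - /tmp/.X11-unix:/tmp/.X11-unix:ro
      - $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
      # /dev/shm must be RW, otherwise webcam (/dev/video0) won't work
      # mplayer tv:// -tv driver=v4l2:width=640:height=480:device=/dev/video0
      # X11 error: BadAccess (attempt to access private resource denied)
      # X11 error: BadShmSeg (invalid shared segment parameter)
      # Caveat: this is the host's /dev/shm, so shared-memory files of host
      # processes are visible to the container, subject to file permissions.
      - /dev/shm:/dev/shm
      - data:/data
      - certs:/home/user/.pki/nssdb
      # Read-write: anything the browser saves lands in the host user's
      # Downloads directory.
      - $HOME/Downloads:/home/user/Downloads
      - /var/run/cups:/var/run/cups:ro
      # `:ro` does not make the bus read-only; what the container may call on
      # the system bus is decided by the host's D-Bus policy.
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
      # Kerberos credential cache of uid 1000. Code running in the container
      # can read the tickets and use them until they expire; drop this mount
      # if the browser does not need Kerberos (SPNEGO) sign-on.
      - /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro
    environment:
      - DISPLAY=unix$DISPLAY
      - PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
      # some webapps won't work when the timezone is not properly set, e.g.
      # the ownCloud's (v9.0.0) calendar (v1.0.0.0) does not work correctly
      # the same could happen with Icinga2 web interface
      - TZ=Europe/Amsterdam
    # SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag
    # more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
    # Both choices are trade-offs: CAP_SYS_ADMIN is one of the broadest
    # capabilities and weakens the container boundary, while `--no-sandbox`
    # removes Chrome's own renderer sandbox. A narrower option to evaluate is
    # a custom seccomp profile that allows only the namespace-related
    # syscalls the sandbox needs, with no added capability.
    cap_add:
      - SYS_ADMIN
    # `apparmor:unconfined` turns AppArmor confinement off for the container;
    # prefer a named profile when one of these must be enabled.
    # security_opt:
    #   - apparmor:docker-ptrace
    #   - apparmor:unconfined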