From ed964fe14ddf46e3186df5a18611b8efda03b864 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Sun, 4 Dec 2016 20:31:00 +0100
Subject: [PATCH] initial release
---
Dockerfile | 58 ++++++++++++++++++++++++++++++++++++++++++++++
README.md | 43 ++++++++++++++++++++++++++++++++++
docker-compose.yml | 32 +++++++++++++++++++++++++
launch | 6 +++++
4 files changed, 139 insertions(+)
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100644 docker-compose.yml
create mode 100644 launch
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c78a3c8
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,58 @@
+FROM ubuntu:xenial
+MAINTAINER Andrey Arapov
+
+# To avoid problems with Dialog and curses wizards
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+ apt-get -y install sudo kmod attr \
+ pulseaudio libcanberra-gtk-module libexif12 \
+ fonts-dejavu-core fonts-freefont-ttf fonts-guru-extra \
+ fonts-kacst fonts-kacst-one fonts-khmeros-core fonts-lao \
+ fonts-liberation fonts-lklug-sinhala fonts-lohit-guru \
+ fonts-nanum fonts-opensymbol fonts-sil-abyssinica \
+ fonts-sil-padauk fonts-symbola fonts-takao-pgothic \
+ fonts-tibetan-machine fonts-tlwg-garuda-ttf \
+ fonts-tlwg-kinnari-ttf fonts-tlwg-laksaman-ttf \
+ fonts-tlwg-loma-ttf fonts-tlwg-mono-ttf \
+ fonts-tlwg-norasi-ttf fonts-tlwg-purisa-ttf \
+ fonts-tlwg-sawasdee-ttf fonts-tlwg-typewriter-ttf \
+ fonts-tlwg-typist-ttf fonts-tlwg-typo-ttf \
+ fonts-tlwg-umpush-ttf fonts-tlwg-waree-ttf \
+ ttf-bitstream-vera ttf-dejavu-core ttf-ubuntu-font-family \
+ fonts-arphic-ukai fonts-arphic-uming \
+ fonts-ipafont-mincho fonts-ipafont-gothic \
+ fonts-unfonts-core fonts-telu fonts-knda \
+ chromium-browser && \
+ rm -rf -- /var/lib/apt/lists
+
+# Obtain Google Chrome
+ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /tmp/google-talkplugin_current_amd64.deb
+
+RUN sh -c 'dpkg -i /tmp/google-talkplugin_current_amd64.deb 2>/dev/null; exit 0' && \
+ apt-get update && \
+ apt-get -fy install && \
+ rm -rf -- /var/lib/apt/lists /tmp/*.deb
+
+# Workaround: pulseaudio client library likes to remove /dev/shm/pulse-shm-*
+# files created by the host, causing sound to stop working.
+# To fix this, we either want to disable the shm or mount /dev/shm
+# in read-only mode when starting the container.
+RUN echo "enable-shm = no" >> /etc/pulse/client.conf
+
+ENV USER user
+ENV GROUPS video,audio
+ENV UID 1000
+ENV HOME /home/$USER
+
+RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER && \
+ su -s /bin/sh -l $USER -c 'mkdir -p $HOME/.pki/nssdb $HOME/.local'
+
+RUN echo "$USER ALL=NOPASSWD:/sbin/lsmod" | tee /etc/sudoers.d/$USER && \
+ /bin/echo -e "#!/bin/sh\nsudo /sbin/lsmod \$@" | tee /usr/local/sbin/lsmod && \
+ chmod +x /usr/local/sbin/lsmod
+
+WORKDIR $HOME
+
+COPY launch /launch
+ENTRYPOINT [ "sh", "/launch" ]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ce26459
--- /dev/null
+++ b/README.md
@@ -0,0 +1,43 @@
+## Launching Chromium in Docker
+
+The simplest way:
+
+```sh
+git clone https://github.com/arno01/chromium.git
+cd chromium
+docker-compose run chromium
+```
+
+If it does not start, you may need to allow your user making local
+connections to X server, which can be achieved with this command on host:
+
+```sh
+xhost +SI:localuser:$(id -un)
+```
+
+You can use the following shortcut function and place it to your `~/.bash_aliases` file:
+
+```sh
+function docker_helper() {
+ pushd ~/docker/$1
+ docker-compose rm -f "$1"
+ docker-compose run -d --name "$1" "$@"
+ popd
+}
+
+function chromium() {
+ docker_helper "$FUNCNAME" "$@"
+}
+```
+
+Then just use ``chromium`` command to launch Chromium.
+
+
+## Rebuilding the image
+
+You may want to rebuild this image on your own:
+
+```sh
+docker pull ubuntu:xenial
+docker build -t andrey01/chromium .
+```
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ba09e1f
--- /dev/null
+++ b/docker-compose.yml
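Review bot: In the Dockerfile, `ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb …` fetches a moving "current" package with no integrity check, and the next step, `dpkg -i … 2>/dev/null; exit 0`, installs it as root while discarding every error, so a replaced or truncated download would end up in the image unnoticed. Pin the artifact to a known digest, e.g. `ADD --checksum=sha256:<expected-sha256> https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /tmp/google-talkplugin_current_amd64.deb`, or download it inside the `RUN` and verify it with `sha256sum -c` before installing. The dpkg/`apt-get -fy install` pair can then become `apt-get install -y /tmp/google-talkplugin_current_amd64.deb`, which resolves the dependencies itself and lets a genuine failure stop the build. The comment `# Obtain Google Chrome` does not match what is fetched; `# Obtain the Google Talk plugin` would be accurate. Separately, `FROM ubuntu:xenial` follows a mutable tag, so pinning it by digest would make rebuilds reproducible.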
@@ -0,0 +1,32 @@
+version: '2'
+
+volumes:
+ data: {}
+ certs: {}
+
+services:
+ chromium:
+ image: andrey01/chromium
+ network_mode: bridge
+ devices:
+ - /dev/dri
+ # Uncomment to allow webcam:
+ # - /dev/video0
+ volumes:
+ - data:/data
+ - certs:/home/user/.pki/nssdb
+ - $HOME/Downloads:/home/user/Downloads
+ - /tmp/.X11-unix:/tmp/.X11-unix:ro
+ - $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
+ - /var/run/cups:/var/run/cups:ro
+ - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
+ - /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - DISPLAY=unix$DISPLAY
+ - PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
+ # SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag
+ # more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
+ cap_add:
+ - SYS_ADMIN
+ shm_size: 4G
diff --git a/launch b/launch
new file mode 100644
index 0000000..0e96521
--- /dev/null
+++ b/launch
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+# Befriend with grsecurity patched kernel
+setfattr -n user.pax.flags -v m /usr/lib/chromium-browser/chromium-browser
+
+su -s /bin/sh -c /usr/bin/chromium-browser $USER
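Review bot: In docker-compose.yml the `chromium` service gets the host's X11 socket directory, the D-Bus system bus socket and the Kerberos ticket cache `/tmp/krb5cc_1000` by default, and `:ro` on a socket or credential file only prevents modifying the file entry, not connecting to the socket or reading the tickets. Combined with `cap_add: SYS_ADMIN`, a compromised browser process would have far more reach into the host session than the container boundary suggests. I would make the optional mounts opt-in the way the webcam already is, e.g. `# - /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro` and `# - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro`, each with a comment naming the feature that needs it. For the capability, a seccomp profile that permits the sandbox's namespace calls (`security_opt:` with `- seccomp:<path-to-profile>.json`) may be a narrower grant than `SYS_ADMIN` and is worth documenting next to the existing comment.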
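Review bot: In `launch`, the last line `su -s /bin/sh -c /usr/bin/chromium-browser $USER` leaves `$USER` unquoted, so if the variable is empty at run time (it is an `ENV` value and can be overridden) the argument disappears and `su` falls back to its default target, root. Quote it and refuse an empty or `root` value before the call, and use `exec` so the entrypoint shell does not stay as PID 1 in front of the browser: `exec su -s /bin/sh -c /usr/bin/chromium-browser "$USER"`. Arguments given to the container are also dropped, so the `--no-sandbox` option mentioned in docker-compose.yml cannot be passed through this script as written; a comment saying so would save users a surprise.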