diff --git a/Dockerfile b/Dockerfile
index 2cbdd88..babc8e9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ RUN apt-get update && \
 apt-get -y dist-upgrade && \
 apt-get -fy install && \
 apt-get -y install xz-utils libdbus-glib-1-2 libgtk2.0-0 libxt6 \
- libgl1-mesa-glx pulseaudio && \
+ libgl1-mesa-glx pulseaudio attr && \
 rm -rf /var/lib/apt/lists
 # bzip2 libgtk-3-0 libasound2 libpango1.0-0 libv4l-0 libgl1-mesa-glx x264
@@ -40,9 +40,9 @@ RUN cd /tmp && \
 rm -f tor.tar.xz && \
 chown -Rh $USER:$USER $HOME
-USER $USER
 WORKDIR $HOME
 VOLUME [ "/tmp", "$HOME/tor-browser" ]
-ENTRYPOINT [ "./tor-browser/Browser/start-tor-browser" ]
+COPY ./launch /launch
+ENTRYPOINT [ "/bin/bash", "/launch" ]
diff --git a/docker-compose.yml b/docker-compose.yml
index 126100c..1323c37 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,12 +4,11 @@ services:
 tor:
 # docker build -t andrey01/tor .
 image: andrey01/tor
- read_only: true
 network_mode: bridge
 volumes:
 - /tmp/.X11-unix:/tmp/.X11-unix:ro
 - $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse:ro
- - $HOME/Downloads:/home/user/tor-browser_en-US/Browser/Downloads
+ - $HOME/Downloads:/home/user/tor-browser/Browser/Downloads
 environment:
 - DISPLAY=unix$DISPLAY
 - PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
diff --git a/launch b/launch
new file mode 100644
index 0000000..0251d53
--- /dev/null
+++ b/launch
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -x
+#
+# Make errors visible upon `docker logs -f steam` command
+#
+exec 2>&1
+
+#
+# Befriend with grsecurity patched Linux kernel
+#
+if [ -r /proc/sys/kernel/grsecurity/tpe_gid ]; then
+ groupadd -r -g $(cat /proc/sys/kernel/grsecurity/tpe_gid) grsec-tpe
+ usermod -aG grsec-tpe $USER
+ setfattr -n user.pax.flags -v "rm" \
+ $HOME/tor-browser/Browser/firefox \
+ $HOME/tor-browser/Browser/TorBrowser/Tor/tor
+fi
+
+su -s /bin/sh -p $USER -c "cd ./tor-browser/Browser && ./start-tor-browser"
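Review bot: Nothing in the first Dockerfile hunk says why `attr` joins the package list. Its only visible use in this commit is the `setfattr` call in /launch, so a later clean-up could drop it and break the grsecurity branch. A comment above the RUN would tie the two together, for example `# attr provides setfattr, which /launch uses to set PaX flags on grsecurity kernels`. The RUN instruction starts outside the hunk.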
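Review bot: With `USER $USER` removed and nothing replacing it in the second Dockerfile hunk, the image's configured user appears to fall back to root. The privilege drop then rests entirely on the `su` call at the end of /launch. Anything that bypasses the entrypoint, such as `docker exec` or an overridden entrypoint, would run as root inside the container. If root is only needed for the grsecurity branch of /launch, record that next to the entrypoint, for example `# Starts as root: /launch sets group membership and PaX flags, then drops to $USER via su`. The earlier parts of the Dockerfile are outside the hunk, so a user set elsewhere cannot be ruled out.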
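Review bot: Dropping `read_only: true` from the `tor` service makes the container's root filesystem writable on every host. The only writes visible in this commit that would need it are the `groupadd`/`usermod` calls in /launch, and those run only when the grsecurity sysctl file exists. Together with the entrypoint now starting as root, this removes two hardening layers for users who are not on a grsecurity kernel. Please state the reason beside the service, for example `# read_only removed: /launch must edit /etc/group and /etc/passwd on grsecurity hosts` (presumably the cause; confirm), so the setting can be restored if the script changes.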
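Review bot: The grsecurity branch of the new launch script runs as root with unquoted expansions (`$(cat …/tpe_gid)`, `$USER`, `$HOME`) and no error checks. A failed `groupadd` or `setfattr` therefore shows up only in the `set -x` trace and the browser starts anyway; on a second start of the same container `groupadd` will presumably fail because grsec-tpe already exists. The final `su` is not `exec`ed, so bash stays as PID 1 and a stop signal is likely not passed on to the browser. The header comment still refers to `docker logs -f steam`, which looks copied from another image. A quoted, restart-tolerant version of the branch with `exec su` is sketched below.

```shell
# … unchanged: shebang, set -x, exec 2>&1 …

tpe_gid_file=/proc/sys/kernel/grsecurity/tpe_gid
if [ -r "$tpe_gid_file" ]; then
    tpe_gid="$(cat "$tpe_gid_file")"
    # The container can be restarted, so the group may already exist.
    getent group grsec-tpe >/dev/null || groupadd -r -g "$tpe_gid" grsec-tpe
    usermod -aG grsec-tpe "$USER"
    setfattr -n user.pax.flags -v "rm" \
        "$HOME/tor-browser/Browser/firefox" \
        "$HOME/tor-browser/Browser/TorBrowser/Tor/tor"
fi

# exec replaces the root shell so no idle root bash remains as PID 1.
exec su -s /bin/sh -p "$USER" -c "cd ./tor-browser/Browser && ./start-tor-browser"
```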