From 9f187e039872aa71caeb102d322e69d42da59b1d Mon Sep 17 00:00:00 2001 From: Viet Nguyen Duc Date: Mon, 11 Dec 2023 17:50:10 +0700 Subject: [PATCH] feat: changing owner while creating container for download support (#2056) Signed-off-by: Viet Nguyen Duc --- Base/Dockerfile | 100 +++++++++++++++++++++++++----------- Base/entry_point.sh | 36 ++++++++++++- Base/fix-permissions | 23 +++++++++ Distributor/Dockerfile | 4 +- EventBus/Dockerfile | 4 +- Hub/Dockerfile | 4 +- NodeBase/Dockerfile | 43 +++++++--------- NodeChrome/Dockerfile | 8 +-- NodeDocker/Dockerfile | 4 +- NodeEdge/Dockerfile | 4 +- NodeFirefox/Dockerfile | 12 +---- README.md | 51 ++++++++++++++---- Router/Dockerfile | 4 +- SessionQueue/Dockerfile | 4 +- Sessions/Dockerfile | 4 +- Standalone/Dockerfile | 6 +-- StandaloneDocker/Dockerfile | 4 +- 17 files changed, 213 insertions(+), 102 deletions(-) create mode 100644 Base/fix-permissions diff --git a/Base/Dockerfile b/Base/Dockerfile index 7122d9772..6e368d66d 100644 --- a/Base/Dockerfile +++ b/Base/Dockerfile @@ -1,8 +1,19 @@ FROM ubuntu:jammy-20231004 LABEL authors="Selenium " +# Arguments to define the version of dependencies to download ARG VERSION ARG RELEASE=selenium-${VERSION} +ARG OPENTELEMETRY_VERSION=1.31.0 +ARG GRPC_VERSION=1.59.0 + +#Arguments to define the user running Selenium +ARG SEL_USER=seluser +ARG SEL_PASSWD=secret +ARG SEL_UID=1200 +ARG SEL_GID=1201 + +USER root #================================================ # Customize sources for apt-get #================================================ @@ -33,6 +44,7 @@ RUN apt-get -qqy update \ curl \ supervisor \ gnupg2 \ + libnss3-tools \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \ && sed -i 's/securerandom\.source=file:\/dev\/random/securerandom\.source=file:\/dev\/urandom/' ./usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security 
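Review bot: `ARG SEL_PASSWD=secret` in the first Base/Dockerfile hunk turns the account password into a build argument, and build-argument values are recorded in the image history, so anyone who can pull the image can read a value passed with `--build-arg SEL_PASSWD=...`. The default also keeps the publicly known `secret`. The value is consumed by the `chpasswd` line in the later `@@ -45,25 +57,53 @@` hunk. If the account needs a password at all, read it in that `RUN` from a BuildKit secret mount (`RUN --mount=type=secret,id=sel_passwd ...`, id is a placeholder) rather than an `ARG`. A comment above the argument such as `# default only; never pass a real credential as a build arg` would also help.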
@@ -45,25 +57,53 @@ RUN ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \ dpkg-reconfigure -f noninteractive tzdata && \ cat /etc/timezone +#====================================== +# Configure environement +#====================================== +ENV SEL_USER=${SEL_USER} +ENV SEL_UID=${SEL_UID} +ENV SEL_GID=${SEL_GID} +ENV HOME=/home/${SEL_USER} +ENV SEL_DIR=/opt/selenium +ENV EXTERNAL_JARS=/external_jars +ENV SE_DOWNLOAD_DIR=${HOME}/Downloads + +# Copy a script that we will use to correct permissions after running certain commands +COPY fix-permissions /usr/local/bin/fix-permissions +RUN chmod a+rx /usr/local/bin/fix-permissions + #======================================== # Add normal user and group with passwordless sudo #======================================== -RUN groupadd seluser \ - --gid 1201 \ - && useradd seluser \ - --create-home \ - --gid 1201 \ - --shell /bin/bash \ - --uid 1200 \ - && usermod -a -G sudo seluser \ - && echo 'ALL ALL = (ALL) NOPASSWD: ALL' >> /etc/sudoers \ - && echo 'seluser:secret' | chpasswd -ENV HOME=/home/seluser +RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su \ + && sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers \ + && sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers \ + && echo 'ALL ALL = (ALL) NOPASSWD: ALL' >> /etc/sudoers + +RUN groupadd ${SEL_USER} \ + --gid ${SEL_GID} \ + && useradd ${SEL_USER} \ + --no-log-init \ + --create-home \ + --gid ${SEL_GID} \ + --shell /bin/bash \ + --uid ${SEL_UID} \ + && chmod g+w /etc/passwd \ + && echo "${SEL_USER}:${SEL_PASSWD}" | chpasswd + +#====================================== +# Create directories needed +#====================================== +RUN mkdir -p ${HOME}/.mozilla ${HOME}/.cache \ + ${SEL_DIR} ${SEL_DIR}/assets \ + /var/run/supervisor /var/log/supervisor \ + ${EXTERNAL_JARS} \ + ${SE_DOWNLOAD_DIR} #====================================== # Add Grid check script #====================================== -COPY check-grid.sh entry_point.sh /opt/bin/ +COPY 
--chown="${SEL_UID}:${SEL_GID}" check-grid.sh entry_point.sh /opt/bin/ #====================================== # Add Supervisor configuration file 
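Review bot: The blanket `ALL ALL = (ALL) NOPASSWD: ALL` appended at the end of the new sudoers `RUN` cancels the hardening that the same command applies just before it (commenting out `%admin` and `%sudo`, denying `su` through `pam_deny.so`), so every account in the container keeps passwordless root. Combined with `chmod g+w /etc/passwd` in the next `RUN`, a compromise of the browser process is effectively a compromise of root inside the container. If the grant exists only for the `mkdir`/`chown`/`fix-permissions` calls in entry_point.sh, state that in a comment above the line, e.g. `# NOPASSWD is needed by entry_point.sh (MKDIR_EXTRA/CHOWN_EXTRA); it gives every process root`. Consider moving those calls into one root-owned helper that validates its arguments and is the only command sudoers allows.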
@@ -71,38 +111,38 @@ COPY check-grid.sh entry_point.sh /opt/bin/ COPY supervisord.conf /etc #========== -# Selenium & relaxing permissions for OpenShift and other non-sudo environments +# Selenium #========== -RUN mkdir -p /opt/selenium /opt/selenium/assets /var/run/supervisor /var/log/supervisor \ - && touch /opt/selenium/config.toml \ - && chmod -R 777 /opt/selenium /opt/selenium/assets /var/run/supervisor /var/log/supervisor /etc/passwd \ +RUN touch ${SEL_DIR}/config.toml \ && wget --no-verbose https://github.com/SeleniumHQ/selenium/releases/download/${RELEASE}/selenium-server-${VERSION}.jar \ - -O /opt/selenium/selenium-server.jar \ - && chgrp -R 0 /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \ - && chmod -R g=u /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \ - && setfacl -Rm u:seluser:rwx /opt /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor + -O ${SEL_DIR}/selenium-server.jar #===== # Download observability related jaegar jars and make them available in a separate directory # so that the container can skip downloading them everytime it comes up #===== RUN curl -fLo /tmp/cs https://github.com/coursier/launchers/raw/master/coursier \ - && chmod +x /tmp/cs \ - && mkdir -p /external_jars \ - && chmod -R 775 /external_jars + && chmod +x /tmp/cs -RUN /tmp/cs fetch --classpath --cache /external_jars \ - io.opentelemetry:opentelemetry-exporter-otlp:1.31.0 \ - io.opentelemetry:opentelemetry-exporter-jaeger:1.31.0 \ - io.grpc:grpc-netty:1.59.0 > /external_jars/.classpath.txt - -RUN chmod 664 /external_jars/.classpath.txt +RUN /tmp/cs fetch --classpath --cache ${EXTERNAL_JARS} \ + io.opentelemetry:opentelemetry-exporter-otlp:${OPENTELEMETRY_VERSION} \ + io.opentelemetry:opentelemetry-exporter-jaeger:${OPENTELEMETRY_VERSION} \ + io.grpc:grpc-netty:${GRPC_VERSION} > ${EXTERNAL_JARS}/.classpath.txt RUN rm -fr /root/.cache/* +# Change ownership of directories +RUN 
chown -R "${SEL_USER}:${SEL_GID}" ${HOME} ${SEL_DIR} ${SEL_DIR}/assets ${EXTERNAL_JARS} ${SE_DOWNLOAD_DIR} /var/run/supervisor /var/log/supervisor \ + && fix-permissions ${HOME} ${SEL_DIR} ${SEL_DIR}/assets ${EXTERNAL_JARS} ${SE_DOWNLOAD_DIR} /var/run/supervisor /var/log/supervisor + +#========== +# Relaxing permissions for OpenShift and other non-sudo environments +#========== +RUN chmod g=u /etc/passwd + #=================================================== # Run the following commands as non-privileged user #=================================================== -USER 1200:1201 +USER ${SEL_UID}:${SEL_GID} # Boolean value, maps "--bind-host" ENV SE_BIND_HOST false diff --git a/Base/entry_point.sh b/Base/entry_point.sh index 0fd0b314e..4ef9ee26b 100755 --- a/Base/entry_point.sh +++ b/Base/entry_point.sh @@ -1,4 +1,9 @@ #!/usr/bin/env bash +_log () { + if [[ "$*" == "ERROR:"* ]] || [[ "$*" == "WARNING:"* ]] || [[ "${CONTAINER_LOGS_QUIET}" == "" ]]; then + echo "$@" + fi +} #============================================== # OpenShift or non-sudo environments support 
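Review bot: The coursier launcher written to `/tmp/cs` is still fetched from the `master` branch without a checksum and then executed as root during the build, although this hunk pins the jars it resolves through `OPENTELEMETRY_VERSION` and `GRPC_VERSION`. The `wget` of `selenium-server-${VERSION}.jar` has no integrity check either. Pinning the launcher URL to a release tag or commit and verifying both files, for example `echo "${CS_SHA256}  /tmp/cs" | sha256sum -c -` with a new build argument (the name is a placeholder), would make the build reproducible and would catch a replaced artifact. No step in this hunk removes `/tmp/cs`, so the launcher appears to stay in the final image.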
@@ -7,10 +12,39 @@ if ! whoami &> /dev/null; then if [ -w /etc/passwd ]; then - echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd + echo "${USER_NAME:-${SEL_USER}}:x:$(id -u):0:${USER_NAME:-${SEL_USER}} user:${HOME}:${SE_DOWNLOAD_DIR}:/var:/opt:/sbin/nologin" >> /etc/passwd fi fi +MKDIR_EXTRA=${SE_DOWNLOAD_DIR}","${MKDIR_EXTRA} +CHOWN_EXTRA=${MKDIR_EXTRA}","${CHOWN_EXTRA} + +if [ -n "${MKDIR_EXTRA}" ]; then + for extra_dir in $(echo "${MKDIR_EXTRA}" | tr ',' ' '); do + _log "Creating directory ${extra_dir} ${MKDIR_EXTRA_OPTS:+(mkdir options: ${MKDIR_EXTRA_OPTS})}" + # shellcheck disable=SC2086 + sudo mkdir ${MKDIR_EXTRA_OPTS:-"-p"} "${extra_dir}" + done +fi + +if [ -n "${CHOWN_EXTRA}" ]; then + for extra_dir in $(echo "${CHOWN_EXTRA}" | tr ',' ' '); do + _log "Changing ${extra_dir} ownership. ${extra_dir} is owned by ${SEL_USER} ${CHOWN_EXTRA_OPTS:+(chown options: ${CHOWN_EXTRA_OPTS})}" + # shellcheck disable=SC2086 + sudo chown ${CHOWN_EXTRA_OPTS:-"-R"} "${SEL_UID}:${SEL_GID}" "${extra_dir}" + sudo -E fix-permissions "${extra_dir}" + done +fi + +# Raise error if the user isn't able to write files to download dir +if [ -n "${CHOWN_EXTRA}" ]; then + for extra_dir in $(echo "${CHOWN_EXTRA}" | tr ',' ' '); do + if [[ ! -w ${extra_dir} ]]; then + _log "ERROR: no write access to download dir ${SE_DOWNLOAD_DIR}. Please correct the permissions and restart." + fi + done +fi + /usr/bin/supervisord --configuration /etc/supervisord.conf & SUPERVISOR_PID=$! diff --git a/Base/fix-permissions b/Base/fix-permissions new file mode 100644 index 000000000..97d4ad8b8 --- /dev/null +++ b/Base/fix-permissions 
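Review bot: The `/etc/passwd` entry appended for arbitrary-UID runs now has ten colon-separated fields instead of seven, because `${SE_DOWNLOAD_DIR}:/var:/opt:` was inserted between the home directory and the shell. Parsers will likely either reject the line or treat everything after `${HOME}:` as the login shell, so the tail should stay `${HOME}:/sbin/nologin`. Separately, every element of `MKDIR_EXTRA` and `CHOWN_EXTRA` reaches `sudo mkdir`, `sudo chown -R` and `sudo -E fix-permissions` unvalidated and after unquoted word splitting, so a mistyped or templated value such as `/etc` re-owns system paths and makes them group-writable. Checking that each entry is an absolute path outside the system directories before the `sudo` calls would bound that. The last loop only logs `ERROR:` and carries on although its comment says "Raise error"; the script continues below this hunk.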
@@ -0,0 +1,23 @@ +#!/bin/bash +set -e +# Run this with USER root only +for d in "$@"; do + find "${d}" \ + ! \( \ + -group "${SEL_GID}" \ + -a -perm -g+rwX \ + \) \ + -exec chgrp -R "${SEL_GID}" -- {} \+ \ + -exec chmod -R g+rwX -- {} \+ + # setuid, setgid *on directories only* + find "${d}" \ + \( \ + -type d \ + -a ! -perm -6000 \ + \) \ + -exec chmod -R +6000 -- {} \+ + # Relaxing permissions for OpenShift and other non-sudo environments + chmod -R u+x "${d}" + chgrp -R 0 "${d}" + chmod -R g=u "${d}" +done diff --git a/Distributor/Dockerfile b/Distributor/Dockerfile index 75e75468a..ce901ceeb 100644 --- a/Distributor/Dockerfile +++ b/Distributor/Dockerfile @@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/base:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #======================== # Selenium Distributor Configuration @@ -12,7 +12,7 @@ USER 1200 EXPOSE 5553 -COPY start-selenium-grid-distributor.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-distributor.sh \ /opt/bin/ COPY selenium-grid-distributor.conf /etc/supervisor/conf.d/ diff --git a/EventBus/Dockerfile b/EventBus/Dockerfile index 16985e7b2..6864aead4 100644 --- a/EventBus/Dockerfile +++ b/EventBus/Dockerfile @@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/base:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #================================= # Selenium Event Bus Configuration @@ -17,7 +17,7 @@ EXPOSE 4443 # Event Bus port EXPOSE 5557 -COPY start-selenium-grid-eventbus.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-eventbus.sh \ /opt/bin/ COPY selenium-grid-eventbus.conf /etc/supervisor/conf.d/ diff --git a/Hub/Dockerfile b/Hub/Dockerfile index 56348d8ba..e46797164 100644 --- a/Hub/Dockerfile +++ b/Hub/Dockerfile @@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/base:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #======================== # Selenium Hub Configuration 
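Review bot: `-exec chmod -R +6000 -- {} \+` in the second `find` sets setuid and setgid on every file below each matched directory, not on directories only as the comment above it says, because `-R` recurses into the directory that `find` already selected. The same `-R` on the `chgrp`/`chmod g+rwX` pair defeats the first `find`'s filter, and `chmod -R u+x` marks every regular file executable. entry_point.sh then applies all of this to the download directory and to any `CHOWN_EXTRA` bind mount. Drop `-R` from the three `-exec` actions (`-exec chmod +6000 -- {} \+`) and use `chmod -R u+X "${d}"` so that only directories and already-executable files gain the execute bit. The closing `chgrp -R 0` also undoes the earlier `chgrp ... "${SEL_GID}"`, so a header comment stating which group is meant to own the tree would help.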
@@ -21,7 +21,7 @@ ENV SE_SESSION_RETRY_INTERVAL 15 # Boolean value, maps "--relax-checks" ENV SE_RELAX_CHECKS true -COPY start-selenium-grid-hub.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-hub.sh \ /opt/bin/ COPY selenium-grid-hub.conf /etc/supervisor/conf.d/ diff --git a/NodeBase/Dockerfile b/NodeBase/Dockerfile index 2e9f519d4..ed42d66c0 100644 --- a/NodeBase/Dockerfile +++ b/NodeBase/Dockerfile @@ -112,16 +112,31 @@ RUN wget -nv -O noVNC.zip \ #========================================================================================================================================= RUN chmod +x /dev/shm +# Creating base directory for Xvfb +RUN mkdir -p /tmp/.X11-unix && \ + fix-permissions /tmp/.X11-unix + +#============================== +# Generating the VNC password based on the ${SE_VNC_PASSWORD} +# Changing ownership to ${SEL_USER}, so the service can be started +#============================== + +ENV SE_VNC_PASSWORD=secret +RUN mkdir -p ${HOME}/.vnc \ + && x11vnc -storepasswd ${SE_VNC_PASSWORD} ${HOME}/.vnc/passwd \ + && chown -R "${SEL_UID}:${SEL_GID}" ${HOME}/.vnc \ + && fix-permissions ${HOME}/.vnc + #=================================================== # Run the following commands as non-privileged user #=================================================== -USER 1200 +USER ${SEL_UID} #============================== # Scripts to run Selenium Node and XVFB #============================== -COPY start-selenium-node.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-node.sh \ start-xvfb.sh \ /opt/bin/ 
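Review bot: `ENV SE_VNC_PASSWORD=secret` in the NodeBase hunk stores the VNC password in the image configuration and in the environment of every process in the container, yet it is read only at build time by `x11vnc -storepasswd`. As far as this hunk shows, passing `-e SE_VNC_PASSWORD=...` at run time changes the variable but not `${HOME}/.vnc/passwd`. The following `fix-permissions ${HOME}/.vnc` additionally makes that password file readable and writable by group 0 (`chmod -R g=u`). Writing the file at container start from the runtime value or a mounted secret, and keeping it at mode `600`, would let operators actually change the password and keep it out of the image. At minimum, quote the expansion: `x11vnc -storepasswd "${SE_VNC_PASSWORD}" "${HOME}/.vnc/passwd"`.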
@@ -130,25 +145,10 @@ COPY start-selenium-node.sh \ #============================== COPY selenium.conf /etc/supervisor/conf.d/ -#============================== -# Generating the VNC password as seluser -# So the service can be started with seluser -#============================== - -RUN mkdir -p ${HOME}/.vnc \ - && x11vnc -storepasswd secret ${HOME}/.vnc/passwd - -#========== -# Relaxing permissions for OpenShift and other non-sudo environments -#========== -RUN sudo chmod -R 775 ${HOME} \ - && sudo chgrp -R 0 ${HOME} \ - && sudo chmod -R g=u ${HOME} - #============================== # Scripts to run fluxbox, x11vnc and noVNC #============================== -COPY start-vnc.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-vnc.sh \ start-novnc.sh \ /opt/bin/ @@ -180,8 +180,6 @@ ENV SE_DRAIN_AFTER_SESSION_COUNT 0 # Setting Selenium Manager to work offline ENV SE_OFFLINE true - - #======================== # Selenium Configuration #======================== @@ -195,10 +193,7 @@ ENV SE_NODE_OVERRIDE_MAX_SESSIONS false # Following line fixes https://github.com/SeleniumHQ/docker-selenium/issues/87 ENV DBUS_SESSION_BUS_ADDRESS=/dev/null -# Creating base directory for Xvfb -RUN sudo mkdir -p /tmp/.X11-unix && sudo chmod 1777 /tmp/.X11-unix - # Copying configuration script generator -COPY generate_config /opt/bin/generate_config +COPY --chown="${SEL_UID}:${SEL_GID}" generate_config /opt/bin/generate_config EXPOSE 5900 diff --git a/NodeChrome/Dockerfile b/NodeChrome/Dockerfile index dfcc5bd61..3282a3d05 100644 --- a/NodeChrome/Dockerfile +++ b/NodeChrome/Dockerfile @@ -29,8 +29,6 @@ RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --d COPY wrap_chrome_binary /opt/bin/wrap_chrome_binary RUN /opt/bin/wrap_chrome_binary -USER 1200 - #============================================ # Chrome webdriver #============================================ 
@@ -52,8 +50,10 @@ RUN if [ ! -z "$CHROME_DRIVER_VERSION" ]; \ && unzip /tmp/chromedriver_linux64.zip -d /opt/selenium \ && rm /tmp/chromedriver_linux64.zip \ && mv /opt/selenium/chromedriver-linux64/chromedriver /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION \ - && chmod 755 /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION \ - && sudo ln -fs /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION /usr/bin/chromedriver + && fix-permissions /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION \ + && ln -fs /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION /usr/bin/chromedriver + +USER ${SEL_UID} #============================================ # Dumping Browser information for config diff --git a/NodeDocker/Dockerfile b/NodeDocker/Dockerfile index 249b91adc..e7d8e0d35 100644 --- a/NodeDocker/Dockerfile +++ b/NodeDocker/Dockerfile @@ -13,7 +13,7 @@ RUN apt-get update -qqy \ && apt-get -qqy install socat \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* -USER 1200 +USER ${SEL_UID} #======================== # Selenium Standalone Docker Configuration @@ -21,7 +21,7 @@ USER 1200 EXPOSE 4444 -COPY start-selenium-grid-docker.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-docker.sh \ config.toml \ start-socat.sh \ /opt/bin/ diff --git a/NodeEdge/Dockerfile b/NodeEdge/Dockerfile index 7f26504ba..adadec9d5 100644 --- a/NodeEdge/Dockerfile +++ b/NodeEdge/Dockerfile @@ -43,10 +43,10 @@ RUN if [ -z "$EDGE_DRIVER_VERSION" ]; \ && unzip /tmp/msedgedriver_linux64.zip -d /opt/selenium \ && rm /tmp/msedgedriver_linux64.zip \ && mv /opt/selenium/msedgedriver /opt/selenium/msedgedriver-$EDGE_DRIVER_VERSION \ - && chmod 755 /opt/selenium/msedgedriver-$EDGE_DRIVER_VERSION \ + && fix-permissions /opt/selenium/msedgedriver-$EDGE_DRIVER_VERSION \ && ln -fs /opt/selenium/msedgedriver-$EDGE_DRIVER_VERSION /usr/bin/msedgedriver -USER 1200 +USER ${SEL_UID} #============================================ # Dumping Browser information for config 
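Review bot: Replacing `chmod 755` with `fix-permissions` on `/opt/selenium/chromedriver-$CHROME_DRIVER_VERSION` leaves the driver binary group-writable, because the script ends with `chgrp -R 0` and `chmod -R g=u`; the NodeEdge hunk does the same for `msedgedriver`. Both files are linked into `/usr/bin`, so a process running with GID 0 (the OpenShift arbitrary-UID case the script targets) could overwrite an executable on `PATH`. The drivers only need to be read and executed, so `chmod 755` can stay for these two files. The `RUN` instruction begins above this hunk.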
diff --git a/NodeFirefox/Dockerfile b/NodeFirefox/Dockerfile index e79f641be..0150b61e3 100644 --- a/NodeFirefox/Dockerfile +++ b/NodeFirefox/Dockerfile @@ -36,17 +36,7 @@ RUN GK_VERSION=$(if [ ${GECKODRIVER_VERSION:-latest} = "latest" ]; then echo "0. && chmod 755 /opt/geckodriver-$GK_VERSION \ && ln -fs /opt/geckodriver-$GK_VERSION /usr/bin/geckodriver -# Workaround for issue launch Firefox Webdriver "Failed to read marionette port" -RUN mkdir -p /home/seluser/.cache /home/seluser/.mozilla /.cache \ - && chmod 777 /home/seluser/.cache /home/seluser/.mozilla /.cache - -USER 1200 - -RUN if ! whoami &> /dev/null; then \ - if [ -w /tmp/passwd ]; then \ - echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:/home/seluser:/tmp:/bin/bash" >> /tmp/passwd; \ - fi \ -fi +USER ${SEL_UID} #============================================ # Dumping Browser information for config diff --git a/README.md b/README.md index 090d616b6..95b69c656 100644 --- a/README.md +++ b/README.md 
@@ -1287,30 +1287,59 @@ container in the following way: ```bash docker run -d -p 4444:4444 --shm-size="2g" \ - -v /home/ubuntu/files:/home/seluser/files \ + -v /home/ubuntu/files:/home/seluser/Downloads \ selenium/standalone-chrome:4.16.1-20231208 ``` That will mount the host `/home/ubuntu/files` directory -to the `/home/seluser/files` inside the container. The +to the `/home/seluser/Downloads` inside the container +(default browser's downloads directory). The problem happens because the volume will be mounted as `root`; therefore, the browser cannot write a file to that directory because it is running under the user `seluser`. This happens because that is how Docker mounts volumes in Linux, more details in this [issue](https://github.com/moby/moby/issues/2259). -A workaround for this is to create a directory on the -host and change its permissions **before mounting the volume**. -Depending on your user permissions, you might need to use -`sudo` for some of these commands: +There was a fix in this [feature](https://github.com/SeleniumHQ/docker-selenium/issues/1947) +that changed ownership when staring the container. + +You are able to configure browser with another download directory and mount the host with it in container by overriding `SE_DOWNLOAD_DIR`. + +```groovy +ChromeOptions options = new ChromeOptions(); +HashMap chromePrefs = new HashMap(); +chromePrefs.put("download.default_directory", "/tmp/downloads"); +options.setExperimentalOption("prefs", chromePrefs); +options.add_argument('disable-features=DownloadBubble,DownloadBubbleV2') +WebDriver driver = new ChromeDriver(options); +``` ```bash -mkdir /home/ubuntu/files -chown 1200:1201 /home/ubuntu/files +docker run -d -p 4444:4444 --shm-size="2g" \ + -e SE_DOWNLOAD_DIR=/tmp/downloads \ + -v /home/ubuntu/files:/tmp/downloads \ + selenium/standalone-chrome:4.16.1-20231208 ``` -After doing this, you should be able to download files -to the mounted directory. 
If you have a better workaround, -please send us a pull request! +### Change ownership of the volume mount + +If you are using Linux and you need to change the ownership of the volume mount, you can set the `CHOWN_EXTRA` and `CHOWN_EXTRA_OPTS` (default is set `-R` - change recursively) environment variables + +```bash +docker run -d -p 4444:4444 --shm-size="2g" \ + -v /home/ubuntu/my-certs:/etc/certs \ + -e CHOWN_EXTRA=/etc/certs \ + selenium/standalone-chrome:4.16.1-20231208 +``` + +If you want a new volume mount directory to be created and set ownership, you can set the `MKDIR_EXTRA` and `MKDIR_EXTRA_OPTS` (default is set `-p` - create a directory hierarchy) environment variables. + +```bash +docker run -d -p 4444:4444 --shm-size="2g" \ + -v /home/ubuntu/my-nssdb:/home/seluser/.pki/nssdb \ + -e MKDIR_EXTRA=/home/seluser/.pki/nssdb \ + selenium/standalone-chrome:4.16.1-20231208 +``` +Both `CHOWN_EXTRA` and `MKDIR_EXTRA` can be set to multiple directories by separating them with a `space` or `comma`. For example: `CHOWN_EXTRA=,` diff --git a/Router/Dockerfile b/Router/Dockerfile index ccce7a2ff..3410b932f 100644 --- a/Router/Dockerfile +++ b/Router/Dockerfile @@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/base:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #======================== # Selenium Router Configuration @@ -17,7 +17,7 @@ ENV SE_SESSION_RETRY_INTERVAL 0 EXPOSE 4444 -COPY start-selenium-grid-router.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-router.sh \ /opt/bin/ COPY selenium-grid-router.conf /etc/supervisor/conf.d/ diff --git a/SessionQueue/Dockerfile b/SessionQueue/Dockerfile index bf6213279..bf4c7be89 100644 --- a/SessionQueue/Dockerfile +++ b/SessionQueue/Dockerfile @@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/base:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #======================== # Selenium SessionQueue Configuration 
@@ -17,7 +17,7 @@ ENV SE_SESSION_RETRY_INTERVAL 15 EXPOSE 5559 -COPY start-selenium-grid-session-queue.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-session-queue.sh \ /opt/bin/ COPY selenium-grid-session-queue.conf /etc/supervisor/conf.d/ diff --git a/Sessions/Dockerfile b/Sessions/Dockerfile index b069e84f7..99e89344b 100644 --- a/Sessions/Dockerfile +++ b/Sessions/Dockerfile @@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/base:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #======================== # Selenium SessionMap Configuration @@ -12,7 +12,7 @@ USER 1200 EXPOSE 5556 -COPY start-selenium-grid-sessions.sh \ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-sessions.sh \ /opt/bin/ COPY selenium-grid-sessions.conf /etc/supervisor/conf.d/ diff --git a/Standalone/Dockerfile b/Standalone/Dockerfile index addb83f9c..690753222 100644 --- a/Standalone/Dockerfile +++ b/Standalone/Dockerfile @@ -5,12 +5,12 @@ ARG BASE FROM ${NAMESPACE}/${BASE}:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #==================================== # Scripts to run Selenium Standalone #==================================== -COPY start-selenium-standalone.sh /opt/bin/start-selenium-standalone.sh +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-standalone.sh /opt/bin/start-selenium-standalone.sh #============================== # Supervisor configuration file @@ -18,7 +18,7 @@ COPY start-selenium-standalone.sh /opt/bin/start-selenium-standalone.sh COPY selenium.conf /etc/supervisor/conf.d/ # Copying configuration script generator -COPY generate_config /opt/bin/generate_config +COPY --chown="${SEL_UID}:${SEL_GID}" generate_config /opt/bin/generate_config # Boolean value, maps "--relax-checks" ENV SE_RELAX_CHECKS true diff --git a/StandaloneDocker/Dockerfile b/StandaloneDocker/Dockerfile index 166d902ac..e2d1f5de9 100644 --- a/StandaloneDocker/Dockerfile +++ b/StandaloneDocker/Dockerfile 
@@ -4,7 +4,7 @@ ARG AUTHORS FROM ${NAMESPACE}/node-docker:${VERSION} LABEL authors=${AUTHORS} -USER 1200 +USER ${SEL_UID} #======================== # Selenium Standalone Docker Configuration @@ -12,7 +12,7 @@ USER 1200 EXPOSE 4444 -COPY start-selenium-grid-docker.sh /opt/bin/ +COPY --chown="${SEL_UID}:${SEL_GID}" start-selenium-grid-docker.sh /opt/bin/ # Boolean value, maps "--relax-checks" ENV SE_RELAX_CHECKS true