Skip to content
This repository has been archived by the owner on May 21, 2022. It is now read-only.

NovelService/puppeteer-docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github/workflows
.github/workflows
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
seccomp.json
seccomp.json
 
 

Repository files navigation

percollate-docker

Docker image containing puppeteer running in user mode with a minimal set of permissions.

Get it from https://hub.docker.com/r/xiangronglin/puppeteer with docker pull xiangronglin/puppeteer

The missing permissions are added with security options (preferred) or through linux capabilities. See this article: https://ndportmann.com/chrome-in-docker/

Security options

The required system calls are explicitly added to a whitelist. Use docker run --security-opt seccomp=seccomp.json with the provided seccomp.json. It is based on Moby's default taken on 21.01.2021 and extended with the required calls arch_prctl chroot clone fanotify_init name_to_handle_at open_by_handle_at setdomainname sethostname syslog unshare vhangup setns source

Linux capabilities

Capabilities are grouped which then can be specifically assigned. Use docker run --cap-add=SYS_ADMIN which contain the required ones. Beware that this is basically root with a few less system calls available.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages