mirror
/
sitespeed.io
mirror of https://github.com/sitespeedio/sitespeed.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
sitespeed.io/docker/scripts
History
Mason Malone f311e12c02 Don't run node as root in Docker, fixes #1459 (#2710) 
* Don't run as root in Docker

This updates the start.sh script to create a group and user with the same GID
and UID as the working directory (normally /sitespeed.io), then use that for
running `node`. This fixes the issue of report files being owned by root.

This uses "chroot" to switch the new user instead of "su" because of the
signal handling issues mentioned at https://github.com/tianon/gosu.

I tested this with the following script:

    #!/bin/bash

    set -e

    docker build -t sitespeedio/sitespeed.io:test .

    docker run --rm -v "$PWD:/sitespeed.io" sitespeedio/sitespeed.io:test -b chrome --outputFolder chrome-result -n 1 https://www.example.com
    docker run --rm -v "$PWD:/sitespeed.io" sitespeedio/sitespeed.io:test -b firefox --outputFolder firefox-result -n 1 https://www.example.com
    docker run --cap-add=NET_ADMIN --rm -v "$PWD:/sitespeed.io" -e REPLAY=true sitespeedio/sitespeed.io:test --outputFolder wpr-result -n 1 -b chrome https://www.example.com

    ls *result

* Allow "sudo ip" and "sudo route"
 		2019-10-21 09:07:19 +02:00
..
start.sh Don't run node as root in Docker, fixes #1459 (#2710) 2019-10-21 09:07:19 +02:00