less privileges and other fixes
parent
4aeb700019
commit
4c109106cb
15
Dockerfile
15
Dockerfile
|
|
@ -1,23 +1,26 @@
|
|||
FROM ubuntu:bionic
|
||||
|
||||
RUN apt-get update && apt-get install -y firefox
|
||||
RUN apt-get update && apt-get install -y firefox \
|
||||
curl sudo openvpn transmission \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN export uid=1000 gid=1000 && \
|
||||
mkdir -p /home/user && \
|
||||
echo "user:x:${uid}:${gid}:User,,,:/home/user:/bin/bash" >> /etc/passwd && \
|
||||
echo "user:x:${uid}:" >> /etc/group && \
|
||||
chown ${uid}:${gid} -R /home/user
|
||||
|
||||
RUN apt-get install -y openvpn
|
||||
RUN apt-get install -y curl sudo
|
||||
|
||||
# Enable sudo (needed by openvpn, unfortunately)
|
||||
RUN echo "user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user && \
|
||||
chmod 0440 /etc/sudoers.d/user
|
||||
|
||||
USER user
|
||||
|
||||
COPY files/user.js /home/user/
|
||||
RUN mkdir -p /tmp/user.js.d/
|
||||
COPY files/user.js.d/* /tmp/user.js.d/
|
||||
RUN cat /tmp/user.js.d/* > /home/user/user.js
|
||||
COPY files/start.sh /home/user/
|
||||
COPY files/start-openvpn-blocking.sh /home/user/
|
||||
|
||||
ENV HOME /home/user
|
||||
CMD /bin/bash /home/user/start.sh
|
||||
ENTRYPOINT ["/bin/bash", "/home/user/start.sh"]
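Review bot: The image still ships the blanket rule `user ALL=(ALL) NOPASSWD: ALL` while running as `user`, so the privilege drop depends entirely on start.sh reaching its `sudo rm` at runtime; a container started with a different entrypoint, or a script that exits before that line, keeps password-less root. Only openvpn and the later removal appear to need sudo, so the rule could be narrowed to `user ALL=(root) NOPASSWD: /usr/sbin/openvpn, /bin/rm /etc/sudoers.d/user` (binary paths to be confirmed on this base image). openvpn running as root with a caller-supplied config is still a privileged surface, so this narrows the exposure rather than removing it. Separately, adding `--no-install-recommends` to the merged `apt-get install` would keep the newly added packages from pulling in extras.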
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
#!/bin/bash
|
||||
set -eux -o pipefail
|
||||
set -e -o pipefail
|
||||
|
||||
CONF="$1"
|
||||
sudo openvpn "$CONF" > "$HOME/openvpn.log" &
|
||||
sudo openvpn "$CONF" | tee "$HOME/openvpn.log" &
|
||||
|
||||
while [ `tail "$HOME/openvpn.log" | grep "Initialization Sequence Completed" | wc -l` == "0" ];
|
||||
do
|
||||
# echo "still not done"
|
||||
echo "... still waiting for OpenVPN to start"
|
||||
sleep 2
|
||||
done
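Review bot: The readiness loop has no exit condition and only inspects the last ten lines of the log (the `tail` default), so it waits forever if the marker scrolls past between polls or if openvpn dies. A background job's exit status never reaches `set -e`, and the `| tee … &` form does not change that. Scanning the whole file is simpler and cannot miss the marker: `while ! grep -q "Initialization Sequence Completed" "$HOME/openvpn.log" 2>/dev/null; do`. A bounded retry counter that exits non-zero would turn a failed tunnel into a visible error instead of a hang. The script continues past this hunk, so how callers react to a non-zero exit is not visible here.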
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ else
|
|||
echo "no OpenVPN config"
|
||||
fi
|
||||
|
||||
# revoke sudo privileges after OpenVPN start
|
||||
sudo rm /etc/sudoers.d/user
|
||||
|
||||
if [ ! -z ${ASSERT_COUNTRY+x} ]; then
|
||||
IP_COUNTRY=`curl ifconfig.co/country`
|
||||
echo " ---------------------------------------------------------------"
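Review bot: The result of `sudo rm /etc/sudoers.d/user` is never verified, and without `-n` sudo will stop to prompt for a password if the rule is already gone, which would presumably happen when the same container is restarted. Making the removal non-interactive and idempotent, then asserting that it worked, lets the script fail closed: `sudo -n rm -f /etc/sudoers.d/user || true` followed by `if sudo -n true 2>/dev/null; then echo "sudo still enabled" >&2; exit 1; fi`. The openvpn process started earlier keeps running as root after the removal; a short comment saying that is intended would help the next reader. The enclosing script starts and ends outside this hunk, so whether `set -e` is active here cannot be seen.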
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
// Firefox often crashes without this setting
|
||||
// https://askubuntu.com/questions/966332/firefox-56-0-64-bit-crashing-tabs-after-upgrade
|
||||
user_pref("browser.tabs.remote.autostart", false);
|
||||
|
||||
// disable onboarding: you don't want to see the welcome message every time
|
||||
user_pref("browser.onboarding.enabled", false);
|
||||
|
||||
// no tracking protection intro
|
||||
user_pref("privacy.trackingprotection.introCount", 100);
|
||||