Adjusting container permissions for OpenShift and other non-sudo environments. Fixes #802

Author: diemol

Base/Dockerfile

@@ -66,26 +66,21 @@ RUN chmod +x /opt/bin/check-grid.sh
 #======================================
 COPY supervisord.conf /etc
 
-#===================================================
-# Run the following commands as non-privileged user
-#===================================================
-USER seluser
-
 #==========
-# Selenium
+# Selenium & relaxing permissions for OpenShift and other non-sudo environments
 #==========
-RUN  sudo mkdir -p /opt/selenium \
-  && sudo chown seluser:seluser /opt/selenium \
+RUN  mkdir -p /opt/selenium /var/run/supervisor /var/log/supervisor \
+  && touch /opt/selenium/config.json \
+  && chmod -R 777 /opt/selenium /var/run/supervisor /var/log/supervisor /etc/passwd \
   && wget --no-verbose https://selenium-release.storage.googleapis.com/3.14/selenium-server-standalone-3.14.0.jar \
     -O /opt/selenium/selenium-server-standalone.jar \
-  && sudo chgrp -R 0 /opt/selenium $HOME \
-  && sudo chmod -R g=u /opt/selenium $HOME \
-  && sudo mkdir -p /var/run/supervisor/ \
-  && sudo mkdir -p /var/log/supervisor/ \
-  && sudo chown -R seluser:seluser /var/run/supervisor \
-  && sudo chown -R seluser:seluser /var/log/supervisor \
-  && sudo chgrp -R 0 /var/run/supervisor /var/log/supervisor \
-  && sudo chmod -R g=u /var/run/supervisor /var/log/supervisor
+  && chgrp -R 0 /opt/selenium ${HOME} /var/run/supervisor /var/log/supervisor \
+  && chmod -R g=u /opt/selenium ${HOME} /var/run/supervisor /var/log/supervisor
+
+#===================================================
+# Run the following commands as non-privileged user
+#===================================================
+USER seluser
 
 
 CMD ["/opt/bin/entry_point.sh"]

Base/entry_point.sh

@@ -1,5 +1,16 @@
 #!/usr/bin/env bash
 
+#==============================================
+# OpenShift or non-sudo environments support
+# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
+#==============================================
+
+if ! whoami &> /dev/null; then
+  if [ -w /etc/passwd ]; then
+    echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
+  fi
+fi
+
 /usr/bin/supervisord --configuration /etc/supervisord.conf &
 
 SUPERVISOR_PID=$!

NodeDebug/Dockerfile.txt

@@ -24,8 +24,15 @@ USER seluser
 # So the service can be started with seluser
 #==============================
 
-RUN mkdir -p ~/.vnc \
-  && x11vnc -storepasswd secret ~/.vnc/passwd
+RUN mkdir -p ${HOME}/.vnc \
+  && x11vnc -storepasswd secret ${HOME}/.vnc/passwd
+
+#==========
+# Relaxing permissions for OpenShift and other non-sudo environments
+#==========
+RUN sudo chmod -R 777 ${HOME} \
+  && sudo chgrp -R 0 ${HOME} \
+  && sudo chmod -R g=u ${HOME}
 
 #==============================
 # Scripts to run fluxbox and x11vnc

NodeFirefox/Dockerfile.txt

@@ -34,10 +34,13 @@ USER seluser
 
 COPY generate_config /opt/bin/generate_config
 
-# Running this command as sudo just to avoid the message:
-# To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.
-# When logging into the container
-RUN sudo echo ""
-
 # Generating a default config during build time
 RUN /opt/bin/generate_config > /opt/selenium/config.json
+
+#==========
+# Relaxing permissions for OpenShift and other non-sudo environments
+#==========
+RUN sudo chmod -R 777 ${HOME} \
+  && sudo chgrp -R 0 ${HOME} \
+  && sudo chmod -R g=u ${HOME}
+