Run all processes with seluser instead of root

[diemol]

While checking #474, I found that in some images the processes are run by seluser and in other ones they are run with seluser and root (specially in the debug ones). E.g.:

docker run --rm -p 4444:4444 -p 5900:5900 -v /dev/shm:/dev/shm --shm-size=1g selenium/standalone-chrome-debug:3.4.0-chromium

docker exec -ti objective_stonebraker bash

root@be3eb04ea476:/# ps -aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  20996  3280 ?        Ss+  14:44   0:00 /bin/bash /opt/bin/entry_point.sh
root        21  0.0  0.0  20992  1616 ?        S+   14:44   0:00 /bin/bash /opt/bin/entry_point.sh
root        26  0.0  0.0   4508  1632 ?        S+   14:44   0:00 /bin/sh /usr/bin/xvfb-run -n 99 --server-args=-screen 0 1360x1020x24 -ac +extension RANDR java -jar /opt/selenium/se
root        38  0.8  2.6 217096 54464 ?        Sl+  14:44   0:00 Xvfb :99 -screen 0 1360x1020x24 -ac +extension RANDR -nolisten tcp -auth /tmp/xvfb-run.l7EYS6/Xauthority
root        43  3.0  2.3 2966204 48284 ?       Sl+  14:44   0:01 java -jar /opt/selenium/selenium-server-standalone.jar
root        56  1.8  0.5 114212 10972 ?        S+   14:44   0:00 fluxbox -display :99.0
root        57  0.2  0.6 113380 13536 ?        S+   14:44   0:00 x11vnc -forever -usepw -shared -rfbport 5900 -display :99.0
root        78  1.0  0.1  21196  3672 ?        Ss   14:45   0:00 bash
root        87  0.0  0.1  37364  3276 ?        R+   14:45   0:00 ps -aux

I went through all the Dockerfiles and entry_point.sh and improved them so all the processes run now with seluser.

I executed the tests and they passed, I also tested it so the fix done in #459 and #469 don't get lost.

@ddavison
I will add some comments next to the commits to make this PR easier to review.

@elgalu, can you please also help to review this PR?

• By placing an X in the preceding checkbox, I verify that I have signed the Contributor License Agreement

[diemol]

The Selenium related files are placed in a seluser home subfolder, called /home/seluser/selenium/, so the seluser is owner by default.

[diemol]

Running all commands as seluser, so the ENV vars a present for this user always.

[diemol]

Building the StandaloneDebug images based on the NodeDebug images, makes the build faster.

[diemol]

Leaving these ENV vars in the NodeBase image, they were duplicated in other docker files.
Exporting them with seluser, so they are present by default in the entry points.

[diemol]

This was a workaround to export the ENV vars present in the root user and not present in the seluser. Since all ENV vars are now exported with the seluser, this is not needed anymore.

[diemol]

File added to handle the entry_point.sh in the same way it is done for the StandaloneDebug images. Things get changed here and the file is copied to the appropriate folders.

[diemol]

All these ENV vars are now exported in the NodeBase image.

[diemol]

This file was in the repo, but not used anywhere. The Dockerfile comes from the NodeDebug folder.

[diemol]

This was a workaround to export the ENV vars present in the root user and not present in the seluser. Since all ENV vars are now exported with the seluser, this is not needed anymore.

[diemol]

Removing this TODO since the browserSideLog (which the URL refers to), should not be used anymore according to the Selenium Grid code

[elgalu]

👍 on my side, I run a couple of tests in my OSX host and also in my Linux host, using chrome and firefox standalone images built from Diego's fork.

[ddavison]

i'd like to merge this in at the same time as i get the new testing in place. working on it as we speak, so hopefully soon we'll get this in :)

[ddavison]

the only thing that concerns me with these changes, are programs that have their own arbitrary user for security purposes, e.g.: OpenShift. We can fix these on an adhoc basis, but we can probably expect to see some issues being created regarding this.