Run all processes with seluser instead of root

Base/Dockerfile

@@ -8,11 +8,15 @@ RUN  echo "deb http://archive.ubuntu.com/ubuntu xenial main universe\n" > /etc/a
   && echo "deb http://archive.ubuntu.com/ubuntu xenial-updates main universe\n" >> /etc/apt/sources.list \
   && echo "deb http://security.ubuntu.com/ubuntu xenial-security main universe\n" >> /etc/apt/sources.list
 
+# No interactive frontend during docker build
+ENV DEBIAN_FRONTEND=noninteractive \
+    DEBCONF_NONINTERACTIVE_SEEN=true
+
 #========================
 # Miscellaneous packages
 # Includes minimal runtime used for executing non GUI Java programs
 #========================
-RUN apt-get update -qqy \
+RUN apt-get -qqy update \
   && apt-get -qqy --no-install-recommends install \
     bzip2 \
     ca-certificates \
@@ -32,16 +36,26 @@ ENV TZ "UTC"
 RUN echo "${TZ}" > /etc/timezone \
   && dpkg-reconfigure --frontend noninteractive tzdata
 
-#==========
-# Selenium
-#==========
-RUN  mkdir -p /opt/selenium \
-  && wget --no-verbose https://selenium-release.storage.googleapis.com/3.4/selenium-server-standalone-3.4.0.jar -O /opt/selenium/selenium-server-standalone.jar
-
 #========================================
 # Add normal user with passwordless sudo
 #========================================
-RUN sudo useradd seluser --shell /bin/bash --create-home \
-  && sudo usermod -a -G sudo seluser \
+RUN useradd seluser \
+         --shell /bin/bash  \
+         --create-home \
+  && usermod -a -G sudo seluser \
   && echo 'ALL ALL = (ALL) NOPASSWD: ALL' >> /etc/sudoers \
   && echo 'seluser:secret' | chpasswd
+
+#===================================================
+# Run the following commands as non-privileged user
+#===================================================
+USER seluser
+
+#==========
+# Selenium
+#==========
+RUN  sudo mkdir -p /opt/selenium \
+  && sudo chown seluser:seluser /opt/selenium \
+  && wget --no-verbose https://selenium-release.storage.googleapis.com/3.4/selenium-server-standalone-3.4.0.jar \
+    -O /opt/selenium/selenium-server-standalone.jar
+

Hub/Dockerfile.txt

@@ -1,3 +1,5 @@
+USER seluser
+
 #========================
 # Selenium Configuration
 #========================
@@ -21,11 +23,12 @@ ENV GRID_TIMEOUT 30
 # Debug
 ENV GRID_DEBUG false
 
-COPY generate_config /opt/selenium/generate_config
-COPY entry_point.sh /opt/bin/entry_point.sh
-RUN /opt/selenium/generate_config > /opt/selenium/config.json
-RUN chown -R seluser /opt/selenium
-
-USER seluser
+COPY generate_config \
+    entry_point.sh \
+    /opt/bin/
+# Running this command as sudo just to avoid the message:
+# To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.
+# When logging into the container
+RUN sudo /opt/bin/generate_config > /opt/selenium/config.json
 
 CMD ["/opt/bin/entry_point.sh"]

Hub/entry_point.sh

@@ -3,7 +3,7 @@
 ROOT=/opt/selenium
 CONF=$ROOT/config.json
 
-$ROOT/generate_config >$CONF
+/opt/bin/generate_config >$CONF
 
 echo "starting selenium hub with configuration:"
 cat $CONF
@@ -26,4 +26,4 @@ java ${JAVA_OPTS} -jar /opt/selenium/selenium-server-standalone.jar \
 NODE_PID=$!
 
 trap shutdown SIGTERM SIGINT
-wait $NODE_PID
+wait $NODE_PID

Makefile

@@ -61,7 +61,7 @@ standalone_firefox: generate_standalone_firefox firefox
 	cd ./StandaloneFirefox && docker build $(BUILD_ARGS) -t $(NAME)/standalone-firefox:$(VERSION) .
 
 generate_standalone_firefox_debug:
-	cd ./StandaloneDebug && ./generate.sh StandaloneFirefoxDebug standalone-firefox Firefox $(VERSION) $(NAMESPACE) $(AUTHORS)
+	cd ./StandaloneDebug && ./generate.sh StandaloneFirefoxDebug node-firefox-debug Firefox $(VERSION) $(NAMESPACE) $(AUTHORS)
 
 standalone_firefox_debug: generate_standalone_firefox_debug standalone_firefox
 	cd ./StandaloneFirefoxDebug && docker build $(BUILD_ARGS) -t $(NAME)/standalone-firefox-debug:$(VERSION) .
@@ -73,7 +73,7 @@ standalone_chrome: generate_standalone_chrome chrome
 	cd ./StandaloneChrome && docker build $(BUILD_ARGS) -t $(NAME)/standalone-chrome:$(VERSION) .
 
 generate_standalone_chrome_debug:
-	cd ./StandaloneDebug && ./generate.sh StandaloneChromeDebug standalone-chrome Chrome $(VERSION) $(NAMESPACE) $(AUTHORS)
+	cd ./StandaloneDebug && ./generate.sh StandaloneChromeDebug node-chrome-debug Chrome $(VERSION) $(NAMESPACE) $(AUTHORS)
 
 standalone_chrome_debug: generate_standalone_chrome_debug standalone_chrome
 	cd ./StandaloneChromeDebug && docker build $(BUILD_ARGS) -t $(NAME)/standalone-chrome-debug:$(VERSION) .

NodeBase/Dockerfile.txt

@@ -1,5 +1,4 @@
-ENV DEBIAN_FRONTEND noninteractive
-ENV DEBCONF_NONINTERACTIVE_SEEN true
+USER root
 
 #==============
 # VNC and Xvfb
@@ -10,14 +9,18 @@ RUN apt-get update -qqy \
     xvfb \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
+#===================================================
+# Run the following commands as non-privileged user
+#===================================================
+
+USER seluser
+
 #==============================
 # Scripts to run Selenium Node
 #==============================
-COPY \
-  entry_point.sh \
+COPY entry_point.sh \
   functions.sh \
     /opt/bin/
-RUN chmod +x /opt/bin/entry_point.sh
 
 #============================
 # Some configuration options
@@ -27,6 +30,27 @@ ENV SCREEN_HEIGHT 1020
 ENV SCREEN_DEPTH 24
 ENV DISPLAY :99.0
 
-USER seluser
+#========================
+# Selenium Configuration
+#========================
+# As integer, maps to "maxInstances"
+ENV NODE_MAX_INSTANCES 1
+# As integer, maps to "maxSession"
+ENV NODE_MAX_SESSION 1
+# As integer, maps to "port"
+ENV NODE_PORT 5555
+# In milliseconds, maps to "registerCycle"
+ENV NODE_REGISTER_CYCLE 5000
+# In milliseconds, maps to "nodePolling"
+ENV NODE_POLLING 5000
+# In milliseconds, maps to "unregisterIfStillDownAfter"
+ENV NODE_UNREGISTER_IF_STILL_DOWN_AFTER 60000
+# As integer, maps to "downPollingLimit"
+ENV NODE_DOWN_POLLING_LIMIT 2
+# As string, maps to "applicationName"
+ENV NODE_APPLICATION_NAME ""
+
+# Following line fixes https://github.com/SeleniumHQ/docker-selenium/issues/87
+ENV DBUS_SESSION_BUS_ADDRESS=/dev/null
 
 CMD ["/opt/bin/entry_point.sh"]

NodeBase/entry_point.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 source /opt/bin/functions.sh
-/opt/selenium/generate_config > /opt/selenium/config.json
+/opt/bin/generate_config > /opt/selenium/config.json
 
 export GEOMETRY="$SCREEN_WIDTH""x""$SCREEN_HEIGHT""x""$SCREEN_DEPTH"
 
@@ -29,8 +29,6 @@ if [ ! -z "$SE_OPTS" ]; then
   echo "appending selenium options: ${SE_OPTS}"
 fi
 
-# TODO: Look into http://www.seleniumhq.org/docs/05_selenium_rc.jsp#browser-side-logs
-
 SERVERNUM=$(get_server_num)
 
 rm -f /tmp/.X*lock
@@ -44,4 +42,4 @@ xvfb-run -n $SERVERNUM --server-args="-screen 0 $GEOMETRY -ac +extension RANDR"
 NODE_PID=$!
 
 trap shutdown SIGTERM SIGINT
-wait $NODE_PID
+wait $NODE_PID

NodeChrome/Dockerfile.txt

@@ -19,6 +19,8 @@ RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key
   && rm /etc/apt/sources.list.d/google-chrome.list \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
+USER seluser
+
 #==================
 # Chrome webdriver
 #==================
@@ -29,40 +31,11 @@ RUN wget --no-verbose -O /tmp/chromedriver_linux64.zip https://chromedriver.stor
   && rm /tmp/chromedriver_linux64.zip \
   && mv /opt/selenium/chromedriver /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION \
   && chmod 755 /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION \
-  && ln -fs /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION /usr/bin/chromedriver
+  && sudo ln -fs /opt/selenium/chromedriver-$CHROME_DRIVER_VERSION /usr/bin/chromedriver
 
-#========================
-# Selenium Configuration
-#========================
-# As integer, maps to "maxInstances"
-ENV NODE_MAX_INSTANCES 1
-# As integer, maps to "maxSession"
-ENV NODE_MAX_SESSION 1
-# As integer, maps to "port"
-ENV NODE_PORT 5555
-# In milliseconds, maps to "registerCycle"
-ENV NODE_REGISTER_CYCLE 5000
-# In milliseconds, maps to "nodePolling"
-ENV NODE_POLLING 5000
-# In milliseconds, maps to "unregisterIfStillDownAfter"
-ENV NODE_UNREGISTER_IF_STILL_DOWN_AFTER 60000
-# As integer, maps to "downPollingLimit"
-ENV NODE_DOWN_POLLING_LIMIT 2
-# As string, maps to "applicationName"
-ENV NODE_APPLICATION_NAME ""
-
-COPY generate_config /opt/selenium/generate_config
-RUN chmod +x /opt/selenium/generate_config
+COPY generate_config /opt/bin/generate_config
 
 #=================================
 # Chrome Launch Script Modification
 #=================================
 COPY chrome_launcher.sh /opt/google/chrome/google-chrome
-RUN chmod +x /opt/google/chrome/google-chrome
-
-RUN chown -R seluser:seluser /opt/selenium
-
-# Following line fixes https://github.com/SeleniumHQ/docker-selenium/issues/87
-ENV DBUS_SESSION_BUS_ADDRESS=/dev/null
-
-USER seluser

NodeChromeDebug/entry_point.sh

@@ -1,7 +1,9 @@
 #!/bin/bash
+#
+# IMPORTANT: Change this file only in directory NodeDebug!
 
 source /opt/bin/functions.sh
-/opt/selenium/generate_config > /opt/selenium/config.json
+/opt/bin/generate_config > /opt/selenium/config.json
 
 export GEOMETRY="$SCREEN_WIDTH""x""$SCREEN_HEIGHT""x""$SCREEN_DEPTH"
 
@@ -29,17 +31,11 @@ if [ ! -z "$SE_OPTS" ]; then
   echo "appending selenium options: ${SE_OPTS}"
 fi
 
-# TODO: Look into http://www.seleniumhq.org/docs/05_selenium_rc.jsp#browser-side-logs
-
 SERVERNUM=$(get_server_num)
 
 rm -f /tmp/.X*lock
 
-env | cut -f 1 -d "=" | sort > asroot
-  sudo -E -u seluser -i env | cut -f 1 -d "=" | sort > asseluser
-  sudo -E -i -u seluser \
-  "$(for E in $(grep -vxFf asseluser asroot); do echo $E=$(eval echo \$$E); done)" \
-  DISPLAY=$DISPLAY \
+DISPLAY=$DISPLAY \
   xvfb-run -n $SERVERNUM --server-args="-screen 0 $GEOMETRY -ac +extension RANDR" \
   java ${JAVA_OPTS} -jar /opt/selenium/selenium-server-standalone.jar \
     -role node \

NodeDebug/Dockerfile.txt

@@ -6,9 +6,7 @@ USER root
 RUN apt-get update -qqy \
   && apt-get -qqy install \
   x11vnc \
-  && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \
-  && mkdir -p /root/.vnc \
-  && x11vnc -storepasswd secret ~/.vnc/passwd
+  && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
 #=================
 # Locale settings
@@ -43,10 +41,19 @@ RUN apt-get update -qqy \
     fluxbox \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
+USER seluser
+
+#==============================
+# Generating the VNC password as seluser
+# So the service can be started with seluser
+#==============================
+
+RUN mkdir -p ~/.vnc \
+  && x11vnc -storepasswd secret ~/.vnc/passwd
+
 #==============================
 # Scripts to run Selenium Node
 #==============================
 COPY entry_point.sh /opt/bin/entry_point.sh
-RUN chmod +x /opt/bin/entry_point.sh
 
 EXPOSE 5900

NodeDebug/entry_point.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# IMPORTANT: Change this file only in directory NodeDebug!
+
+source /opt/bin/functions.sh
+/opt/bin/generate_config > /opt/selenium/config.json
+
+export GEOMETRY="$SCREEN_WIDTH""x""$SCREEN_HEIGHT""x""$SCREEN_DEPTH"
+
+if [ ! -e /opt/selenium/config.json ]; then
+  echo No Selenium Node configuration file, the node-base image is not intended to be run directly. 1>&2
+  exit 1
+fi
+
+if [ -z "$HUB_PORT_4444_TCP_ADDR" ]; then
+  echo Not linked with a running Hub container 1>&2
+  exit 1
+fi
+
+function shutdown {
+  kill -s SIGTERM $NODE_PID
+  wait $NODE_PID
+}
+
+if [ ! -z "$REMOTE_HOST" ]; then
+  >&2 echo "REMOTE_HOST variable is *DEPRECATED* in these docker containers.  Please use SE_OPTS=\"-host <host> -port <port>\" instead!"
+  exit 1
+fi
+
+if [ ! -z "$SE_OPTS" ]; then
+  echo "appending selenium options: ${SE_OPTS}"
+fi
+
+SERVERNUM=$(get_server_num)
+
+rm -f /tmp/.X*lock
+
+DISPLAY=$DISPLAY \
+  xvfb-run -n $SERVERNUM --server-args="-screen 0 $GEOMETRY -ac +extension RANDR" \
+  java ${JAVA_OPTS} -jar /opt/selenium/selenium-server-standalone.jar \
+    -role node \
+    -hub http://$HUB_PORT_4444_TCP_ADDR:$HUB_PORT_4444_TCP_PORT/grid/register \
+    -nodeConfig /opt/selenium/config.json \
+    ${SE_OPTS} &
+NODE_PID=$!
+
+trap shutdown SIGTERM SIGINT
+for i in $(seq 1 10)
+do
+  xdpyinfo -display $DISPLAY >/dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    break
+  fi
+  echo Waiting xvfb...
+  sleep 0.5
+done
+
+fluxbox -display $DISPLAY &
+
+x11vnc -forever -usepw -shared -rfbport 5900 -display $DISPLAY &
+
+wait $NODE_PID

NodeDebug/generate.sh

@@ -21,3 +21,4 @@ cat ./README.template.md \
   | sed "s/##FOLDER##/$1/" > $FOLDER/README.md
 
 cp ./README-short.txt $FOLDER/README-short.txt
+cp ./entry_point.sh $FOLDER/entry_point.sh