30-04-2021

Docker Firefox



Download Our Free Benchmark PDFs

The CIS Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

View Our Extensive Benchmark List:

  • Docker run -p 5900 creack/firefox-vnc x11vnc -forever -usepw -create Share. Improve this answer. Follow edited Apr 15 '19 at 22:26.
  • The build docker command also has the –shm-size for the purpose of the building process not changing the default shared memory size in the containers based on the image afterward. Author neoX Posted on September 29, 2020 Categories tips, Uncategorized Tags /dev/shm, firefox, mount.

Ffdocker - Firefox-in-a-Docker for desktop use. The goal was to isolate Firefox from as much of the hardware and filesystem as seemed “reasonable” to me. My reasonable may not be yours.

Desktops & Web Browsers:

  • Apple Desktop OSX
  • Apple Safari Browser
  • Google Chrome
  • Microsoft Internet Explorer
  • Microsoft Windows Desktop XP/NT
  • Mozilla Firefox Browser
  • Opera Browser

Mobile Devices

  • Apple Mobile Platform iOS
  • Google Mobile Platform

Network Devices

  • Agnostic Print Devices
  • Checkpoint Firewall
  • Cisco Firewall Devices
  • Cisco Routers/Switches IOS
  • Cisco Wireless LAN Controller
  • Juniper Routers/Switches JunOS

Security Metrics

  • Quick Start Guide
  • Security Metrics

Servers – Operating Systems

  • Amazon Linux
  • CentOS
  • Debian Linux Server
  • IBM AIX Server
  • Microsoft Windows Server
  • Novell Netware
  • Oracle Linux
  • Oracle Solaris Server
  • Red Hat Linux Server
  • Slackware Linux Server
  • SUSE Linux Enterprise Server
  • Ubuntu LTS Server

Servers – Other

  • Apache HTTP Server
  • Apache Tomcat Server
  • BIND DNS Server
  • FreeRADIUS
  • Microsoft IIS Server
  • IBM DB2 Server
  • Microsoft Exchange
  • Microsoft SharePoint Server
  • Microsoft SQL Server
  • MIT Kerberos
  • MySQL Database Server
  • Novell eDirectory
  • OpenLDAP Server
  • Oracle Database Server
  • Sybase Database Server

Virtualization Platforms & Cloud

  • Agnostic VM Server
  • AWS Foundations
  • AWS Three-Tier Web Architecture
  • Docker
  • Kubernetes
  • VMware Server
  • Xen Server

Other

  • Microsoft Access
  • Microsoft Excel
  • Microsoft Office
  • Microsoft Outlook
  • Microsoft PowerPoint
  • Microsoft Word
Once you start messing around with desktop containers, you end up doing a lot of things 'because you can' and not because they're a particularly good idea. For example, I need to run multiple Firefox instances under different profiles in order to maintain various social media accounts, such as the @projectatomic twitter feed. Now, I could do that by launching Firefox with various -P flags, but that would be no fun at all. Instead, I'm going to launch Firefox in a container.
Mind you, if you're a webdev or a desktop hacker, this would be a good way to launch various hacked versions of Firefox without messing with the browser you need every day. There's four basic steps here:
  1. build a Firefox image
  2. authorize X11 connections from containers
  3. enable Firefox connections in SELinux
  4. run the container
First, build the Firefox image. This is fairly standard except that you need to tailor it to the UID and GID of your desktop user so that you don't have to jump through a lot of hoops to get SELinux to authorize connecting from the container to your desktop X server. I use a Dockerfile like this one:
#!/bin/bash
FROM fedora
# install firefox
RUN dnf install -y firefoxFirefox
# install dependancies
RUN dnf install -y libcanberra-gtk3 PackageKit-gtk3-module
dbus dbus-devel dbus-x11
RUN dbus-uuidgen --ensure

 # make uid and gid match inside and outside the container
# replace 1000 with your gid/uid, find them by running
# the id command
RUN export uid=1000 gid=1000 &&
mkdir -p /home/firefox &&
echo 'firefox:x:${uid}:${gid}:Developer,:/home/firefox:/bin/bash' >> /etc/passwd &&
echo 'firefox:x:${uid}:' >> /etc/group &&
echo 'firefox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers &&
chmod 0440 /etc/sudoers &&
chown ${uid}:${gid} -R /home/firefox

 #remove cache from the image to shrink it a bit
RUN dnf clean all

 # set up and run firefox
USER firefox
ENV HOME /home/firefox
CMD /usr/bin/firefox -no-remote
Then you can build your image by running:
docker build -t username/firefox .
Next we need to make sure that the docker container is allowed to run X11 apps on your desktop machine, so that Firefox can run inside the container but be displayed on your desktop. This is a simple command, allowing anyone on localhost to run X apps:
xhost + 127.0.0.1
Thirdly we'll need to also make that work with SELinux. The simplest way to do this is to try it, have SELinux block, and then enable it. So try launching the Firefox container with the command in the step below. It should fail with some kind of 'could not connect to display' error. Then run these commands, as root:

Docker Firefox Sync

grep firefox /var/log/audit/audit.log | audit2allow -M mypol

Finally, your Firefox container should be ready to go. Except you need to add some flags, due to the need to share the X11 socket between the container and the desktop. Here's what I use:
docker run -it -e DISPLAY --net=host jberkus/firefox
This should bring up Firefox in a window on your desktop, under a profile and cache which exists only in the container. If you want to always dispose of this Firefox without saving anything, add an --rm flag to the above.

Docker Firefox Selenium

If you don't want to paste all of the above from a blog (and really, who does?) I've put up some scripts on Github.

Docker Firefox X11


Run Gui In Docker

Now, if only I could figure out why fonts aren't rendering correctly in Firefox run this way. Ideas?