[🚀 Feature]: non-root user for selenium/video #2108

Closed
vertexvaar opened this issue Jan 23, 2024 · 6 comments · Fixed by #2122

Comments

@vertexvaar

Feature and motivation

I love using Selenium for acceptance tests ❤️
I've set up GitHub Actions with docker-compose for my project to run acceptance tests. selenium/video:ffmpeg-6.1-20231219 starts and ends perfectly fine.
The complete test run is really long and will exceed 15 minutes in the near future. So I came to think that it would be useful to only require failed tests and therefore control the recording from within the test runner.
I can start selenium/video from inside the container by mounting the docker socket and executing docker run ... where the tests are executed. I'm able to record each test in a single video. But I am not able to discard videos, as they are created by root:root and I am running a non-root container (uid/gid 1000). I tried to run with docker run -u1000, but that conflicts with supervisor: Error: Can't drop privilege as nonroot user.

Would it be possible to run the container as another user, so the resulting videos have the correct uid/gid? I'd also be grateful for a guide on how to build the image with uid/gid 1000 hardcoded, if running the container non-root is not possible.

Usage example

My docker run example would look like this:
docker run --rm -u1000 --network=foo-bar_default -v /virtualpath/projects/packages/foo-bar/.project/artifacts/videos/:/videos -e DISPLAY_CONTAINER_NAME=selenium-node-chrome -e FILE_NAME=chrome_video.mp4 selenium/video:ffmpeg-6.1-20231219

I can also imagine passing an environment variable or CMD argument to the container to control the effective user in the container.


@vertexvaar, thank you for creating this issue. We will troubleshoot it as soon as we can.



@VietND96
Member

Hi @vertexvaar, is it fine if the video image handles the non-root user similarly to the current hub/node images?


This issue is looking for contributors.

Please comment below or reach out to us through our IRC/Slack/Matrix channels if you are interested.

@vertexvaar
Author

@VietND96 I had a look into the Dockerfile and it seems to be fine. As far as I understood, you define SEL_USER, SEL_UID and SEL_GID and create the user in the Dockerfile. If someone wants to change the user the image will be created with, they have to build the image with those build arguments. There seems to be no way to define the user dynamically when starting the image, at least for selenium images (I've seen other vendors create the user in their entrypoint and use programs like gosu to switch the user).

The usage would therefore be something like

docker build -t selenium/video:user-1000 --build-arg="SEL_USER=app" --build-arg="SEL_UID=1000" --build-arg="SEL_GID=1000" .
docker run [...] selenium/video:user-1000

@VietND96 VietND96 linked a pull request Jan 31, 2024 that will close this issue
@VietND96
Member

VietND96 commented Feb 1, 2024

@vertexvaar, you can use the nightly image tag for a preview. You can pass the host UID when starting the container:
docker run -u $(id -u) [...]
or configure the user in docker-compose.
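
Added example, not part of the thread or of the docker-selenium project's code: a pre-flight check for the host directory that is bind-mounted to /videos, so that recordings left behind by an earlier root-run recorder are caught before the container is started with -u. The function names and exit codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (function names and exit codes are hypothetical).
# Problem from the issue: videos written by a root container are owned by
# root:root on the host, so a uid-1000 test runner cannot delete them.
# Running the recorder with `-u <uid>` fixes new files, but the mount
# point and any leftovers must already belong to that uid.

# Print every path under directory $2 (including $2 itself) that is
# NOT owned by numeric uid $1. Prints nothing when ownership is clean.
foreign_owned() {
    find "$2" ! -user "$1" -print
}

# Check that directory $2 is ready to be mounted at /videos for uid $1.
# Returns: 0 = ready, 1 = paths owned by another uid, 2 = directory missing.
preflight_videos_dir() {
    uid=$1
    dir=$2
    if [ ! -d "$dir" ]; then
        echo "videos directory missing: $dir" >&2
        return 2
    fi
    leftovers=$(foreign_owned "$uid" "$dir")
    if [ -n "$leftovers" ]; then
        echo "paths not owned by uid $uid (chown or remove them as root):" >&2
        echo "$leftovers" >&2
        return 1
    fi
    return 0
}

# Usage (not executed here):
#   preflight_videos_dir "$(id -u)" ./videos && docker run -u "$(id -u)" [...]
```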


github-actions bot commented Mar 3, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked and limited conversation to collaborators Mar 3, 2024