Run Chrome as 'chrome' user (#239)

* Run Chrome as 'chrome' user

* Use seccom instead of --privileged

chrome/stable/Dockerfile

@@ -6,13 +6,15 @@
 #	--memory 512mb \ # max memory it can use
 #	-v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
 #	-e DISPLAY=unix$DISPLAY \
-#	-v $HOME/Downloads:/root/Downloads \
+#	-v $HOME/Downloads:/home/chrome/Downloads \
 #	-v $HOME/.config/google-chrome/:/data \ # if you want to save state
 #	--device /dev/snd \ # so we have sound
 #	-v /dev/shm:/dev/shm \
 #	--name chrome \
 #	jess/chrome
 #
+# For Ubuntu I had to add download Jessie's chrome.json.
+# wget wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -o ~/chrome.json
 
 # Base docker image
 FROM debian:sid
@@ -42,9 +44,12 @@ RUN apt-get update && apt-get install -y \
 	&& apt-get purge --auto-remove -y curl \
 	&& rm -rf /var/lib/apt/lists/* \
 	&& rm -rf /src/*.deb
+RUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \
+    && mkdir -p /home/chrome/Downloads && chown -R chrome:chrome /home/chrome
 
 COPY local.conf /etc/fonts/local.conf
-
+# Run Chrome as non privileged user
+USER chrome
 # Autorun chrome
 ENTRYPOINT [ "google-chrome" ]
 CMD [ "--user-data-dir=/data" ]