buildkite-plugins/docker-buildkite-plugin

Providing a custom seccomp profile

lewisl9029 opened this issue · 3 comments

Hi, we're looking to run Playwright in CI for end-to-end testing, and the docs mention we can run Chrome without disabling the sandbox by providing their custom seccomp profile to docker run: https://playwright.dev/#version=v1.3.0&path=docs%2Fdocker%2FREADME.md&q=run-the-image

I've verified that this works great locally.

However, I can't seem to find a way to supply the required args using docker-buildkite-plugin: --security-opt seccomp=seccomp_profile.json

Would you be willing to accept a PR to add this functionality?

In the meantime we can disable Chrome sandboxing in CI, but that's not ideal as we would not be testing in the same environment as users.

jayco commented

Hey @lewisl9029, we support passing in args like (taken from the readme):

steps:
  - plugins:
      - docker#v3.5.0:
          image: "mesosphere/aws-cli"
          always-pull: true
          command: ["s3", "sync", "s3://my-bucket/dist/", "/app/dist"]
    artifact_paths: "dist/**"

Would this work for your use case?

Hi @jayco, apologies for the late follow-up. --security-opt seccomp=seccomp_profile.json is an arg to docker itself, not to the program running in the container. See https://docs.docker.com/engine/security/seccomp/

It looks like the suggestion you posted is for passing args to the program running inside the container, correct?

toote commented

This has been implemented in #171 and released in version v3.14.0 :)