maintained by: hkdb hkdb@3df.io
A dockerized instance of Brave browser running as a non-root user. Useful when "a separate sandboxed environment for testing" or "added security for browsing sites that are questionable" is needed. It's also useful if you would like to have an independant browser that's permanently connected to a VPN without interfering with the rest of the host's networking.
- GNU/Linux with Docker installed
This might work for Windows and Mac as well but needs to find a different way to connect container to host devices (snd, shm, & dri) with the docker run command adjusted.
Clone the repo and run the following interactive script from within:
./install.sh
The install script will automatically launch Brave. After you close the browser, the docker container will stop. To start this dockerized Brave browser anytime, you can just execute docker start dbrave or if you are a Gnome user, just search and pick "Dockerized Brave" from your launcher.
This installation script does the following:
- Build the container image according to your host environment/user and container user password input. Note*
You are setting your password here so that you can use sudo to update the container from within later. - Creates volume for easy file access after downloading files with this browser
- Launches containerized Brave Browser
- Optionally install launcher shortcut for Gnome DE
- copies icon to ~/.local/share/icons/hicolor/512x512/apps
- copies dBrave.desktop with the proper username to ~/.local/share/applications
- copies a script called dbrave to ~/.local/bin which really only executes
docker start dbrave
Build:
docker build --build-arg USER=$USER --build-arg PASS=<password of your choice> -t local/dbrave:v0.01 .
Create HomeDir Volumes:
mkdir -p ~/Containers/dbrave/home
docker volume create --driver local --opt type=none --opt device=~/Containers/dbrave/home --opt o=bind dbrave-home
Initial Run:
docker run -d --name dbrave --hostname dbrave --user $USER --dns="1.1.1.1" --cap-add=NET_ADMIN --device=/dev/net/tun -v dbrave-home:/home/$USER -v /tmp/.X11-unix:/tmp/.X11-unix --security-opt seccomp=./brave.json -e DISPLAY=unix$DISPLAY --device /dev/dri -v /dev/shm:/dev/shm --device /dev/snd local/dbrave:v0.01
To launch it after you closed the initial run:
docker start dbrave
There are many ways to accomplish this including manually executing the openvpn command inside the container. What I usually do is put a script along with associating ovpn & creds files into a VPN folder in the homedir and then just using a simple alias on the host to kick off the VPNs.
You can simply update the container without rebuilding the image by executing the following:
$ docker exec -ti dbrave bash
$ sudo apt update
$ sudo apt upgrade
- 07232022 - Switched to 20.04 to avoid privileged & removed dl dir
- 07232022 - Added install steps to support OpenVPN
- 03082022 - Added OpenVPN
- 02032022 - Initial commit
- SecComp Profile
brave.jsonis based on: https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json - Referenced this post a lot as I built this repo: https://bacchi.org/posts/brave-in-docker/
This repo is sponsored by 3DF OSI and is maintained by volunteers. 3DF Limited, 3DF OSI, and its volunteers including the author in no way make any guarantees. Please use at your own risk!
To Learn more, please visit: