From 867cd834c3deb6189ad7fcecbe973b1a125157f4 Mon Sep 17 00:00:00 2001
From: Ro Santalla
Date: Tue, 28 May 2024 18:59:01 +0200
Subject: [PATCH] crocochrome: start chromium as a different user
---
 crocochrome.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/crocochrome.go b/crocochrome.go
index d4414c3..ce787f8 100644
--- a/crocochrome.go
+++ b/crocochrome.go
@@ -1,6 +1,7 @@
 package crocochrome
 import (
+ "bytes"
 "context"
 "crypto/rand"
 "encoding/hex"
@@ -10,6 +11,7 @@ import (
 "net"
 "os/exec"
 "sync"
+ "syscall"
 "time"
 "github.com/grafana/crocochrome/chromium"
@@ -95,19 +97,37 @@ func (s *Supervisor) Session() (SessionInfo, error) {
 go func() {
 logger.Debug("starting session")
+ stdout := &bytes.Buffer{}
+ stderr := &bytes.Buffer{}
+
 cmd := exec.CommandContext(ctx,
 s.opts.ChromiumPath,
 "--headless",
 "--remote-debugging-address=0.0.0.0",
 "--remote-debugging-port="+s.opts.ChromiumPort,
- "--no-sandbox", // TODO: Sandbox.
+ "--no-sandbox",
 )
 cmd.Env = []string{}
+ cmd.SysProcAttr = &syscall.SysProcAttr{
+ Credential: &syscall.Credential{
+ // nobody:nobody on alpine.
+ Uid: 65534,
+ Gid: 65534,
+ },
+ }
+ cmd.Stdout = stdout
+ cmd.Stderr = stderr
 err := cmd.Run()
 if err != nil && !errors.Is(ctx.Err(), context.Canceled) {
 logger.Error("running chromium", "err", err)
+ logger.Error("chromium output", "stdout", stdout.String())
+ logger.Error("chromium output", "stderr", stderr.String())
+ return
 }
+
+ logger.Debug("chromium output", "stdout", stdout.String())
+ logger.Debug("chromium output", "stderr", stderr.String())
 }()
 version, err := chromium.Version(net.JoinHostPort("localhost", s.opts.ChromiumPort), 2*time.Second)
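Review bot: `--no-sandbox` stays on the Chromium command line while the `// TODO: Sandbox.` marker is removed, so after this change the switch to uid/gid 65534 in `cmd.SysProcAttr` is the only containment around the browser and nothing in the code says so. I would keep a comment on that argument, for example `"--no-sandbox", // TODO: sandbox is still off; the Credential below is the only isolation.` The `nobody` account is commonly shared with other unprivileged processes, so a dedicated uid for Chromium would give stronger separation; whether anything else runs as 65534 in this image is not visible here. Separately, `stdout` and `stderr` are unbounded `bytes.Buffer`s that grow for the whole life of the browser and are only logged once `cmd.Run()` returns, so a size cap or streaming the output to the logger would bound memory. The body of `Session` starts and ends outside the hunk.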