-
Set up
/etc/sub{u,g}id([[ ! -f /etc/subuid ]] && [[ ! -f /etc/subgid ]]) \ && printf "%s:1000000:65536\n" "$(whoami)" \ | tee /etc/subgid >/etc/subuid
-
Install the seccomp profile
install -o "$(id -u)" -g "$(id -g)" -m 0700 -d "${HOME}/.config/containers" install ./chromium/chrome.json "${HOME}/.config/containers/chrome.json"
-
Build and run the image
make chromium
-
Profit!
Special thanks to Jessie Frazelle for the
original impetus and
the chrome.json
seccomp profile.