Fixed web-service image. No more sandbox requirement

Dockerfiles/build-base/alpine/Dockerfile

@@ -34,6 +34,7 @@ RUN set -eux && \
             openipmi-dev \
             openldap-dev \
             openssl-dev \
+            patch \
             pcre2-dev \
             postgresql-dev \
             openjdk8 \

Dockerfiles/build-base/centos/Dockerfile

@@ -23,6 +23,7 @@ RUN set -eux && \
             automake \
             bash \
             gcc \
+            patch \
             pcre2-devel \
             libcurl-devel \
             libevent-devel \

Dockerfiles/build-base/ol/Dockerfile

@@ -23,6 +23,7 @@ RUN set -eux && \
             bash \
             gcc \
             go-toolset \
+            patch \
             pcre2-devel \
             libcurl-devel \
             libevent-devel \

Dockerfiles/build-base/rhel/Dockerfile

@@ -35,6 +35,7 @@ RUN set -eux && \
             bash \
             gcc \
             go-toolset \
+            patch \
             pcre2-devel \
             libcurl-devel \
             libevent-devel \

Dockerfiles/build-base/ubuntu/Dockerfile

@@ -38,6 +38,7 @@ RUN set -eux && \
             libxml2-dev \
             make \
             openjdk-8-jdk-headless \
+            patch \
             pkg-config \
             gettext \
             git \

Dockerfiles/build-mysql/alpine/Dockerfile

@@ -22,6 +22,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
 ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
     POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -45,6 +47,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-mysql/centos/Dockerfile

@@ -22,6 +22,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
 ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
     POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -39,6 +41,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-mysql/ol/Dockerfile

@@ -22,10 +22,13 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
 ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
     POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-mysql/rhel/Dockerfile

@@ -32,6 +32,8 @@ LABEL description="Zabbix build base for MySQL based images" \
 ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
     POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -49,6 +51,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-mysql/ubuntu/Dockerfile

@@ -22,6 +22,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
 ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
     POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -45,6 +47,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-pgsql/alpine/Dockerfile

@@ -19,6 +19,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
       org.opencontainers.image.vendor="Zabbix LLC" \
       org.opencontainers.image.version="${ZBX_VERSION}"
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -42,6 +44,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-pgsql/centos/Dockerfile

@@ -19,6 +19,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
       org.opencontainers.image.vendor="Zabbix LLC" \
       org.opencontainers.image.version="${ZBX_VERSION}"
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -36,6 +38,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-pgsql/ol/Dockerfile

@@ -19,10 +19,13 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
       org.opencontainers.image.vendor="Zabbix LLC" \
       org.opencontainers.image.version="${ZBX_VERSION}"
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

Dockerfiles/build-pgsql/ubuntu/Dockerfile

@@ -19,6 +19,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
       org.opencontainers.image.vendor="Zabbix LLC" \
       org.opencontainers.image.version="${ZBX_VERSION}"
 
+COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
+
 RUN set -eux && \
     ARCH_SUFFIX="$(arch)"; \
     case "$ARCH_SUFFIX" in \
@@ -42,6 +44,7 @@ RUN set -eux && \
     cd /tmp/ && \
     git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch master --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
     cd /tmp/zabbix-${ZBX_VERSION} && \
+    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
     zabbix_revision=`git rev-parse --short HEAD` && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
     sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch

@@ -0,0 +1,17 @@
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index afab41204d1..f1a9b859f34 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
+-	opts := chromedp.DefaultExecAllocatorOptions[:]
++	opts := append(chromedp.DefaultExecAllocatorOptions[:],
++                chromedp.DisableGPU,
++                chromedp.NoSandbox,
++                chromedp.Flag("disable-setuid-sandbox", true),
++        )
+ 
+ 	if options.IgnoreURLCertErrors == 1 {
+ 		opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))