[Chromium] run failure w/ No usable sandbox #383
Comments
|
Totes understand if this is non-trivial to fix. I just wanted to make sure it was noted somewhere. :) edit maybe this is a dupe of #232 ? |
|
Thanks a lot for filing this issue and linking to useful docs! We're definitely interested in supporting browser sandboxes (as long as we don't have to make our containers extremely unsafe), so let's figure out what needs to be done here. We can easily install any missing dependencies (by adding them to chromium.dockerfile), but what might be less easy is figuring out what Docker capabilities and syscalls need to be enabled, and if that's a reasonable security compromise. Issue #232 may have some insight into what capabilities and syscalls browser sandboxes need to work. In #315 we're pretty close to knowing what should be enabled to make advanced debuggers like rr work, and we're one seccomp profile fork away from implementing the fix (we basically need to deviate slightly from Docker's "sensible security defaults", while making sure that we're not making a terrible mistake). |
I just spun up the chromium image. I tried Running/Building from c9, and there was "no work to do". Good!
In VNC I ran
./out/Default/chromebut it failed:running with
--no-sandboxdoes succeed, although this isnt recommendedhttps://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md has the most decent docs on this topic.. it seems to be an issue with some system deps not being installed and thus preventing use of the sandbox.
The text was updated successfully, but these errors were encountered: