-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] Run playwright from docker container running express server - sandbox issues #2386
Comments
The best way to solve this would be to run as non-privileged user as otherwise bad things may happen. You should only run without sandbox if you fully trust the web pages you are loading. But I guess there is a good reason it cannot be done. I assume you are disabling sandbox via command line arguments, in that case chromium should not complain about sandbox. Can you share custom arguments you are passing to the browser? Also can you launch with |
Thanks for the response! I have made some progress. I updated my server to work when run with a non-privileged user and I manually installed playwright using node_modules/playright/install.js after I built my docker image. How I try to launch
error
So I'm trying to address the above issue using puppeteer...troubleshooting.md#setting-up-chrome-linux-sandbox. I believe the recommended approach (sudo sysctl -w kernel.unprivileged_userns_clone=1) doesn't work because I'm running in a container. So that leaves the second method (Setup setuid sandbox). I followed the direction mostly with the following changes:
Here's the new error
Note that I also found that the The Linux SUID sandbox is almost but not completely removed from chromium/src.git/+/master/docs/linux/suid_sandbox_development.md. So perhaps this approach doesn't even make sense. |
I think i have the same issue here with playwright There is my docker file # A minimal Docker image with Node and playwright
#
# Based upon:
# https://github.com/microsoft/playwright/blob/master/docs/docker/Dockerfile.bionic
FROM ubuntu:bionic
# 1. Install node12
RUN apt-get update && apt-get install -y curl && \
curl -sL https://deb.nodesource.com/setup_12.x | bash - && \
apt-get install -y nodejs
# 2. Install WebKit dependencies
RUN apt-get install -y libwoff1 \
libopus0 \
libwebp6 \
libwebpdemux2 \
libenchant1c2a \
libgudev-1.0-0 \
libsecret-1-0 \
libhyphen0 \
libgdk-pixbuf2.0-0 \
libegl1 \
libnotify4 \
libxslt1.1 \
libevent-2.1-6 \
libgles2 \
libvpx5
# 3. Install Chromium dependencies
RUN apt-get install -y libnss3 \
libxss1 \
libasound2
# 4. Install Firefox dependencies
RUN apt-get install -y libdbus-glib-1-2 \
libxt6
# 5. Copy some scripts
...
# 6. Create folder and copy components
...
# 7. Install dependencies and force install playwright to download browsers
RUN npm install
Error :
(same error with pwuser) Running |
Thanks for the further information. I believe that has helped me progress to the next step! However, I'm getting an error. First, though, here's my docker file
When I launch my docker image, I set the environmental variable CHROME_DEVEL_SANDBOX
So, the most recent error I'm getting is
|
Ok, I have a workaround. I switched to firefox and everything worked :) |
If you want to run this under root, you have to disable Chromium sanbox by passing corresponding arguments as the error message suggests: I see that you switch to non-privileged user |
@rat-matheson we've updated instructions to launch Chromium in docker with sandbox. The TL;DR: in your case seem to be launching with a proper seccomp profile that you should download and use like this: docker container run -it --rm --ipc=host --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:bionic /bin/bash As a last resort, in our upcoming v1.3 release, there's a new high-level launch option // Launch chromium without Chromium Sandbox.
const browser = await chromium.launch({ chromiumSandbox: false }); Hope this helps! |
Issue:
I am unable to configure sandbox usage in my environment.
Env
Thanks for all the hard work and the great library!
The text was updated successfully, but these errors were encountered: