Reputation: 31
I was able to get it working using the node user and setting up a sandbox using --cap-add=SYS_ADMIN, but AWS ECS Fargate does not support adding SYS_ADMIN as a linux parameter. Therefore, I am trying to pass --no-sandbox to puppeteer so I can run as root but am still getting the error "Running as root without --no-sandbox is not supported".
If I exec into the Docker container and explicitly run node puppeteer.js I do not get the error, but if I make a request to my container via Postman (http://localhost:8081) I get the error.
Dockerfile
FROM node:10.21

RUN apt-get update && \
    apt-get install -y gconf-service libasound2 libatk1.0-0 libc6 \
    libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 \
    libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 \
    libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 \
    libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 \
    libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates \
    fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget

# Create app directory
WORKDIR /usr/src/app

# Bundle app source
COPY . .

# Install app dependencies
RUN npm install

# Tried running as node user
#USER node

# Provide google authentication credentials to your application code
ENV GOOGLE_APPLICATION_CREDENTIALS=/usr/src/app/google/keys.json

CMD [ "npm", "start" ]
Puppeteer.js
const puppeteer = require('puppeteer');

/**
 * Initializes and returns a puppeteer instance
 * @name {getPuppeteerInstance}
 * @returns {Promise} resolves with puppeteer instance
 */
module.exports = async () => {
  try {
    const options = {
      headless: true,
      args: ['--no-sandbox', '--disable-setuid-sandbox'],
      defaultViewport: {
        width: 1440,
        height: 900,
      },
      timeout: 0, // 0ms timeout is no timeout
    };
    const browser = await puppeteer.launch(options);
    const page = await browser.newPage();
    page.setDefaultTimeout(0);
    page.setDefaultNavigationTimeout(0);
    return { browser, page };
  } catch (error) {
    console.log(`error`, error);
    return {};
  }
};
What is the expected result?
By passing --no-sandbox I would expect that I would be able to launch puppeteer as root without setting up a sandbox with no issues.
What happens instead?
error Error: Failed to launch chrome!
blackbox-app | [0113/220603.530554:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
Upvotes: 3
Views: 3888
Reputation: 2549
Same problem here, tried a couple of things to make this work
Dockerfile
Enable kernel
RUN echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf
Add user and start chromium with that user
RUN adduser --disabled-password --disabled-login puppeteer
USER puppeteer
CMD ["your command"]
In docker-compose.yaml
cap_add:
- SYS_ADMIN
Upvotes: 2
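Added example, not code from either post: a Node.js helper that decides, from the uid and the user-namespace sysctls discussed above, whether Chromium can keep its sandbox or has to be started with the two flags from the question. The names readSysctlInt, sandboxPlan and currentPlan are hypothetical, and the inputs in the comments are constructed.

```javascript
const fs = require('fs');

// Hypothetical helper: read an integer sysctl from /proc; null if absent or unreadable.
function readSysctlInt(path) {
  try {
    const n = parseInt(fs.readFileSync(path, 'utf8').trim(), 10);
    return Number.isNaN(n) ? null : n;
  } catch (err) {
    return null;
  }
}

// Hypothetical pure decision function, so it can be checked with constructed inputs.
//   uid         effective user id of the Node process
//   usernsClone kernel.unprivileged_userns_clone (null if the kernel has no such knob)
//   maxUserNs   user.max_user_namespaces (null if unknown)
function sandboxPlan({ uid, usernsClone, maxUserNs }) {
  const off = ['--no-sandbox', '--disable-setuid-sandbox'];
  if (uid === 0) {
    // Chromium refuses to start as root unless --no-sandbox reaches the browser process.
    return { uid, args: off, sandbox: 'disabled', reason: 'process runs as root' };
  }
  if (usernsClone === 0 || maxUserNs === 0) {
    return { uid, args: off, sandbox: 'disabled',
             reason: 'unprivileged user namespaces are off' };
  }
  // The sysctls are necessary, not sufficient: a container seccomp profile can
  // still deny namespace creation, so a launch failure here still needs handling.
  return { uid, args: [], sandbox: 'namespace',
           reason: 'non-root and user namespaces allowed' };
}

// Evaluate the plan for the process that is about to launch the browser (Linux).
function currentPlan() {
  return sandboxPlan({
    uid: typeof process.getuid === 'function' ? process.getuid() : -1,
    usernsClone: readSysctlInt('/proc/sys/kernel/unprivileged_userns_clone'),
    maxUserNs: readSysctlInt('/proc/sys/user/max_user_namespaces'),
  });
}
```

Pass currentPlan().args into the args array given to puppeteer.launch() and log uid, sandbox and reason at that same call, so every code path that launches the browser records which user it ran as and which flags it sent.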