google-chrome Failed to move to new namespace

后端 未结 2 2277
半阙折子戏
半阙折子戏 2021-02-19 07:41

Im trying to run google-chrome --headless inside a docker container as a non-root user to execute some tests. Everytime Im trying to start it, it throws following error:

相关标签:
2条回答
  • 2021-02-19 08:27

    Although this doesn't answer your question, since it you can't set security-opt, this is still a good solution for other people with a similar problem finding the question.

    Download this chrome.json file, which contains a custom security profile.

    Use the security profile with --security-opt seccomp=path/to/chrome.json or with docker-compose:

    # docker-compose.yml
    version: '3'
    services:
      <service name>:
        #
        # the service configuration
        #
        security_opt:
          - seccomp=<path to downloaded chrome.json>
    

    see https://stackoverflow.com/a/53975412/8678740

    0 讨论(0)
  • 2021-02-19 08:32

    After researching extensively internet I think I found the answer:

    Sandboxing  For security reasons, Google Chrome is unable to provide sandboxing when it is running in the container-based environment. To use Chrome in the container-based environment, pass the --no-sandbox flag to the chrome executable

    So it looks like there is no better solution than --no-sandbox for me, even though its not being very secure, there are people on the internet claiming that it is still safe to use "--no-sandbox" as its running within container which is extra protected any way.

    0 讨论(0)
提交回复
热议问题