Chrome won't work without --no-sandbox option

Question

Chrome won't work without --no-sandbox option

mosajjal opened this issue 8 years ago · 8 comments

Hi !

I'm using Arch as host, with 4.6.2-1 kernel and 1.11.2 is my Docker version.

This doesn't work for me:

 docker run -it \
    --net host \ # may as well YOLO
    --cpuset-cpus 0 \ # control the cpu
    --memory 512mb \ # max memory it can use
    -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
    -e DISPLAY=unix$DISPLAY \
    -v $HOME/Downloads:/root/Downloads \
    -v $HOME/.config/google-chrome/:/data \ # if you want to save state
    --device /dev/snd \ # so we have sound
    -v /dev/shm:/dev/shm \
    --name chrome \
    jess/chrome

this doesn't open the chrome window for me. but when I add--no-sandbox or --disable-setuid-sandbox, it works.

Also, with 512mb ram, it crashes tabs multiple times, also "HTTPS everywhere" and "uBlock" will crash multiple times. adding --disable-appcontainer won't help either.

is there any way to run Chrome container with sand-boxing in Arch ?

best regards.

jessfraz commented 8 years ago

See #65

Answer 1 · 2016-06-13T09:02:20.000Z

Oh it's because you don't have userns enabled in your kernel

Answer 2 · 2016-06-13T15:56:02.000Z

I can confirm after enabling User Namespace and re-compiling the kernel (4.7RC3), it works flawlessly. Also, VLC on docker seems to be working better and i3 shows the logo at the bottom.

Answer 3 · 2017-08-31T11:51:53.000Z

I got the same problem ,so i disable sandbox ,but it still cann't works!

Answer 4 · 2017-09-01T13:45:20.000Z

@creatist You need to enable user namespaces in your kernel for this to work.

Answer 5 · 2019-02-16T23:14:26.000Z

I can confirm after enabling User Namespace and re-compiling the kernel (4.7RC3), it works flawlessly. Also, VLC on docker seems to be working better and i3 shows the logo at the bottom.

Could you tell me what command you ran to do this? I'm new to docker.

Answer 6 · 2020-12-21T05:48:51.000Z

I can confirm after enabling User Namespace and re-compiling the kernel (4.7RC3), it works flawlessly. Also, VLC on docker seems to be working better and i3 shows the logo at the bottom.

Could you tell me what command you ran to do this? I'm new to docker.

did you get any resources for how to disable sandbox and run chrome in docker.

Answer 7 · 2021-11-08T14:13:33.000Z

I can confirm after enabling User Namespace and re-compiling the kernel (4.7RC3), it works flawlessly. Also, VLC on docker seems to be working better and i3 shows the logo at the bottom.

Could you tell me what command you ran to do this? I'm new to docker.

did you get any resources for how to disable sandbox and run chrome in docker.

Yes, please help! I'm totally lost reading pages like this:
https://docs.docker.com/engine/security/userns-remap/