The image dropped to a fixed non-root user (uid 10001) and pointed HOME at /out. On native Linux Docker a bind-mounted /out is owned by whoever created it on the host, so uid 10001 cannot write into it. Two things then failed: kage's output and resume state under $HOME/data/kage hit "mkdir /out: permission denied", and Chrome launched chrome_crashpad_handler with an empty crash database path, which aborts the whole browser with "chrome_crashpad_handler: --database is required" and fails every render. The earlier attempt set HOME=/out, but that only helps when /out is writable, which it is not for a non-root uid against a host-owned mount. The crash-reporter flags in the launcher did not help either: they do not stop Chrome from spawning the handler, so the abort stayed. Run as root instead. Container root writes a host-owned bind mount whatever its ownership, so both /out and HOME stay writable and the documented one-liner just works. This does not loosen the sandbox: Chrome's sandbox is already off inside any container (kage drops it on container detection), so root here changes nothing that was holding. Verified end to end in an Alpine + chromium container: the non-root image reproduces both the crashpad abort and the permission-denied exactly as reported, and the root image clones example.com cleanly, writing index.html and resume state into a host-owned mounted volume.
This commit is contained in:
+13
-9
@@ -17,24 +17,28 @@ ARG TARGETPLATFORM
|
||||
# chromium for rendering; ca-certificates for HTTPS; tzdata for sane timestamps;
|
||||
# the font package so rendered pages have glyphs to lay out.
|
||||
RUN apk add --no-cache chromium ca-certificates tzdata font-noto \
|
||||
&& adduser -D -H -u 10001 kage \
|
||||
&& mkdir -p /out \
|
||||
&& chown kage:kage /out
|
||||
&& mkdir -p /out
|
||||
|
||||
COPY $TARGETPLATFORM/kage /usr/bin/kage
|
||||
|
||||
USER kage
|
||||
WORKDIR /out
|
||||
|
||||
# Point kage at the bundled Chromium and write mirrors under /out by default:
|
||||
#
|
||||
# docker run -v "$PWD/out:/out" ghcr.io/tamnd/kage clone example.com
|
||||
#
|
||||
# The kage user has no home directory of its own, so HOME points at the mounted
|
||||
# /out volume. That keeps two things writable: kage's default output and resume
|
||||
# state (it lands under $HOME/data/kage), and Chrome's profile and crash
|
||||
# database. Without this both fail with a permission error in the container
|
||||
# (issue #7), and the mounted volume captures nothing.
|
||||
# The container runs as root, and that is deliberate (issue #7). A bind-mounted
|
||||
# /out is owned by whoever created it on the host, so only root can reliably
|
||||
# write into it; a fixed non-root uid cannot, and both kage's output and resume
|
||||
# state (under $HOME/data/kage) then fail with "mkdir /out: permission denied".
|
||||
# The same unwritable HOME also breaks Chrome: it launches chrome_crashpad_handler
|
||||
# with an empty crash database path, which aborts the whole browser with
|
||||
# "chrome_crashpad_handler: --database is required" and fails every render.
|
||||
# Running as root keeps /out and HOME writable whatever the host owns, so the
|
||||
# one-liner above just works. This costs nothing in the sandbox: Chrome's sandbox
|
||||
# is already off inside any container (kage drops it on container detection), so
|
||||
# root here does not loosen a boundary that was holding. HOME points at /out so
|
||||
# the default output and Chrome's writable state both land in the mounted volume.
|
||||
ENV KAGE_CHROME=/usr/bin/chromium-browser \
|
||||
HOME=/out
|
||||
|
||||
|
||||
+7
-6
@@ -183,13 +183,14 @@ func (p *Pool) getBrowser() (*rod.Browser, error) {
|
||||
// In a container, the default /dev/shm is only 64 MB, too small for
|
||||
// Chrome's renderer on large pages, so steer it to a temp file instead.
|
||||
// Outside a container /dev/shm is roomy and faster, so leave it alone.
|
||||
// Chrome's crashpad handler also aborts with "--database is required" in a
|
||||
// minimal container, which fails the whole launch (issue #7), so turn the
|
||||
// crash reporter off there. kage never uploads Chrome crash dumps anyway.
|
||||
//
|
||||
// The "chrome_crashpad_handler: --database is required" abort seen in
|
||||
// containers (issue #7) is not fixed here: the crash-reporter flags do not
|
||||
// stop Chrome from spawning the handler. Its real cause is an unwritable
|
||||
// HOME, which leaves the crash database path empty; the image keeps HOME
|
||||
// writable instead (see the Dockerfile).
|
||||
if inContainer() {
|
||||
l = l.Set("disable-dev-shm-usage", "").
|
||||
Set("disable-crash-reporter", "").
|
||||
Set("disable-breakpad", "")
|
||||
l = l.Set("disable-dev-shm-usage", "")
|
||||
}
|
||||
|
||||
if bin := p.chromeBin(); bin != "" {
|
||||
|
||||
Reference in New Issue
Block a user