ci: use aa-exec to fix Puppeteer on Ubuntu 24.04 CI #825

Open
wants to merge 1 commit into
base: master

aloisklink
Member

📑 Summary

Ubuntu 24.04 has stricter AppArmor policies that prevent Puppeteer from running, with an error like:

> Failed to launch the browser process!
> [0109/235031.343250:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

We can use aa-exec to explicitly set the chrome policy and get it working again.

See: #730 (comment)
See: actions/runner-images#10015
See: puppeteer/puppeteer#12818

📏 Design Decisions

I've used aa-exec since it seems the easiest way to set the config, and it still means that Puppeteer uses most of its sandbox features.

📋 Tasks

Make sure you

  • 📖 have read the contribution guidelines
  • 💻 have added unit/e2e tests (if appropriate)
    • Fixes existing E2E tests.
  • 🔖 targeted master branch

Ubuntu 24.04 has stricter AppArmor policies that prevent Puppeteer from
running, with an error like:

> Failed to launch the browser process!
> [0109/235031.343250:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

We can use [`aa-exec`][1] to explicitly set the `chrome` policy and get
it working again.

[1]: https://manpages.ubuntu.com/manpages/noble/man1/aa-exec.1.html
See: mermaid-js#730 (comment)
@aloisklink aloisklink force-pushed the test/fix-mermaid-cli-on-ubuntu-24.04 branch from 81a4faa to acbf2c9 Compare January 9, 2025 15:03
aloisklink added a commit to aloisklink/remark-mermaid-dataurl that referenced this pull request Jan 10, 2025
Use `aa-exec --profile=chrome` to run our tests and therefore Puppeteer
with the `chrome` security profile. This allows chrome to run with the
same permissions as it had on Ubuntu 22.04, which is required.

See: mermaid-js/mermaid-cli#825
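
An added example, not part of this PR or the project's code: a POSIX sh wrapper a CI job could use to apply the `aa-exec --profile=chrome` approach described above only when the host restricts unprivileged user namespaces, and to fail rather than drop the browser sandbox when the profile cannot be entered. The function names and the sysctl path `/proc/sys/kernel/apparmor_restrict_unprivileged_userns` are assumptions that do not come from the page.

```shell
#!/bin/sh
# Added example, not code from this PR. Function names are hypothetical.
# The sysctl below is the Ubuntu switch for the AppArmor restriction on
# unprivileged user namespaces; the file is absent on other kernels.
USERNS_SYSCTL=${USERNS_SYSCTL:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}
PROFILE=${PROFILE:-chrome}   # profile name used in the PR

# choose_launcher RESTRICT_VALUE PROFILE_USABLE
# Prints one of:
#   direct  - restriction not active, run the command unchanged
#   aa-exec - restriction active and the profile can be entered
#   blocked - restriction active, profile unusable: fail loudly rather
#             than fall back to --no-sandbox
choose_launcher() {
    if [ "$1" != "1" ]; then
        echo direct
    elif [ "$2" = "yes" ]; then
        echo aa-exec
    else
        echo blocked
    fi
}

# profile_usable NAME: probe by running a no-op under the profile.
# aa-exec exits non-zero when the profile is not loaded or AppArmor is off.
profile_usable() {
    aa-exec --profile="$1" -- true >/dev/null 2>&1
}

# run_sandboxed CMD [ARGS...]: run CMD so Chromium keeps its sandbox.
run_sandboxed() {
    restrict=$(cat "$USERNS_SYSCTL" 2>/dev/null || echo 0)
    usable=no
    if [ "$restrict" = "1" ] && profile_usable "$PROFILE"; then
        usable=yes
    fi
    case $(choose_launcher "$restrict" "$usable") in
        direct)  "$@" ;;
        aa-exec) aa-exec --profile="$PROFILE" -- "$@" ;;
        *)  echo "userns restricted and AppArmor profile '$PROFILE' unusable" >&2
            return 1 ;;
    esac
}

# Example CI use (command is a placeholder): run_sandboxed npm test
```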