我正在尝试在Docker容器中运行Chrome浏览器,但我无法正确设置Chrome沙盒,并且在我搜索的每个地方,人们都建议通过传递--no-sandbox
来禁用沙盒。我感觉这是“以root身份运行”的同一团队的解决方法。以下是我的Dockerfile:
FROM buster-slim
# install chrome
RUN adduser --system --group chrome
RUN apt-get update \
&& apt-get install -y --no-install-recommends wget \
&& wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \
&& apt install -y --no-install-recommends ./google-chrome-stable_current_amd64.deb \
&& rm google-chrome-stable_current_amd64.deb \
&& chown root:root -R /opt/google/chrome/ \
&& chmod 755 -R /opt/google/chrome/ \
&& chmod 4755 -R /opt/google/chrome/chrome-sandbox
USER chrome
ENTRYPOINT ["google-chrome", "--headless", "--disable-gpu"]
但是它会因为非法指令错误而崩溃:
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
Failed to generate minidump.Illegal instruction (core dumped)
如果我传递--no-sandbox
,它就不会崩溃。