puppeteer: Puppeteer cannot start on CentOS 7

Steps to reproduce

Environment:

  • Puppeteer version: Latest
  • Platform / OS version: CentOS 7
  • Node.js version: 8 or 10, it does not matter.

What steps will reproduce the problem?

Step 1: Install & run CentOS 7

$ uname -a
Linux centos 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Step 2: install node, puppeteer and chromium missing dependencies

curl -sL https://rpm.nodesource.com/setup_8.x | sudo -E bash -
yum install nodejs

Install missing Chromium dependencies:

pango.x86_64
libXcomposite.x86_64
libXcursor.x86_64
libXdamage.x86_64
libXext.x86_64
libXi.x86_64
libXtst.x86_64
cups-libs.x86_64
libXScrnSaver.x86_64
libXrandr.x86_64
GConf2.x86_64
alsa-lib.x86_64
atk.x86_64
gtk3.x86_64
ipa-gothic-fonts
xorg-x11-fonts-100dpi
xorg-x11-fonts-75dpi
xorg-x11-utils
xorg-x11-fonts-cyrillic
xorg-x11-fonts-Type1
xorg-x11-fonts-misc

Step 3: Create test.js

'use strict';
const puppeteer = require('puppeteer');
const fs = require('fs');
(async () => {
  console.info("Starting browser");
  let browser;
  try {
    browser = await puppeteer.launch({});
  } catch (e) {
    console.info("Unable to launch browser mode in sandbox mode. Lauching Chrome without sandbox.");
    browser = await puppeteer.launch({args:['--no-sandbox']});
  }
  console.info("Browser successfully started");
  console.info("Closing browser");
  await browser.close();
  console.info("Done");
})();

Step 4: Execute test.

$ node test.js

Starting browser
Unable to launch browser mode in sandbox mode. Lauching Chrome without sandbox.
Browser successfully started
Closing browser
Done

See that the browser cannot be launched without --no-sandbox

Analysis

Install “standard” Chromium on same linux box and see that Chromium can be successfully launched. Navigate to about:sandbox in “standard” Chromium and see that SUID sandboxing is used (because user namespace sandboxing is not available).

For SUID sandboxing to work, “standard” chromium uses a process called “chrome-sandbox”.

If you navigate to node_modules/puppeteer/.local-chromium/linux-549031, you notice that for puppeteer there is a file named chrome_sandbox (with an underscore).

Renaming this file to chrome-sandbox, making it owned by root and with attributes 4755 does the trick…

sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox

Now, run the test again

$ node test.js

Starting browser
Browser successfully started
Closing browser
Done

Alternatively, one can enable user namespaces in the kernel, but that’s not always possible, so I think Puppeteer should gracefully degrade the sandboxing as Google Chrome and Chromium do.

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 21
  • Comments: 16 (1 by maintainers)

Most upvoted comments

@apichery maybe you can try yum install pango.x86_64 libXcomposite.x86_64 libXcursor.x86_64 libXdamage.x86_64 libXext.x86_64 libXi.x86_64 libXtst.x86_64 cups-libs.x86_64 libXScrnSaver.x86_64 libXrandr.x86_64 GConf2.x86_64 alsa-lib.x86_64 atk.x86_64 gtk3.x86_64 ipa-gothic-fonts xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc

const browser = await puppeteer.launch({ headless: true, args: ['--no-sandbox'] })

yum install pango libXcomposite libXcursor libXdamage libXext libXi libXtst cups-libs libXScrnSaver libXrandr GConf2 alsa-lib atk gtk3 ipa-gothic-fonts xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc

@jinggoing Had the same issue on CentOS 7.5.1804, fixed by updating the glib2 package (yum update glib2). This is unrelated to the issue mentioned above…

I’m using CentOS Linux release 7.7.1908 (Core), and none of the above solutions worked for me.

Fix this issue by:

yum update glib2

I think it just pretends to work when renaming.

After changing the ownership to root:root and chmodding but not renaming, I get the error. After disabling SEL, the problem goes away. Seems like starting the sandbox is blocked by SELinux.

To reproduce, follow every step in the original issue, including analysis, except for renaming the sandbox file. Then disable SELinux temporarily by running sudo setenforce 0. Check if the SELinux mode is permissive by running sudo sestatus.

Now try running the test.js again and it works.

Just a disclaimer: this is not a permanent fix. You need to create an exception within SELinux to permit this, instead of enabling SELinux altogether!

Final edit: The problem for me was solved by this article written by Dan Walsh: https://danwalsh.livejournal.com/75282.html

For future reference, setting the following boolean fixes the issue caused by SELinux: # setsebool -P unconfined_chrome_sandbox_transition 0