
No usable sandbox! Fatal error

Open viclang opened this issue 2 years ago • 4 comments

I'm trying to integrate the mark docker image in the azure pipeline, but I'm getting the following error from the chrome dependency:

TRACE rendering markdown:
<!-- document was printed here -->
panic: chrome failed to start:
[FATAL:zygote_host_impl_linux.cc(127)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.


goroutine 1 [running]:
github.com/kovetskiy/mark/pkg/mark.CompileMarkdown({0xc0002f9b00, 0xd64, 0xd80}, 0xc0002c4bc0, {0x7ffca007bb6e, 0xb}, {0xc0001ed390, 0xa}, 0x0)
	/go/src/github.com/kovetskiy/mark/pkg/mark/markdown.go:681 +0x859
main.processFile({0x7ffca007bb6e, 0xb}, 0xba7420?, 0x0?, {0x0?, 0x0}, {0x7ffca007bba6, 0x16})
	github.com/kovetskiy/mark/main.go:455 +0x119d
main.RunMark(0xc0001ac8c0)
	github.com/kovetskiy/mark/main.go:252 +0x710
github.com/urfave/cli/v2.(*Command).Run(0xc0001a02c0, 0xc0001ac8c0, {0xc0000340e0, 0xe, 0xe})
	/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274 +0x9eb
github.com/urfave/cli/v2.(*App).RunContext(0xc000226000, {0xffd178?, 0xc000042110}, {0xc0000340e0, 0xe, 0xe})
	/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332 +0x616
github.com/urfave/cli/v2.(*App).Run(...)
	/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main()
	github.com/kovetskiy/mark/main.go:190 +0x13a

It seems like the pipeline doesn't have the correct permissions to use the sandbox, but when I look at the Dockerfile, I see that it already uses the --no-sandbox option.

My pipeline looks something like this:

trigger:
  branches:
    include:
    - main
  paths:
    include:
    - docs

variables:
  - group: Mark

parameters:
- name: 'markUser'
  type: string
  default: '[email protected]'

resources:
  containers:
  - container: mark-container
    image: kovetskiy/mark:latest

container: mark-container

steps:
- bash: |
    if [ -d "docs" ]; then
      # mark.sh calls: mark --ci --debug --trace -f "docs/$$.md" --parents "$parents" -u "$USERNAME" -p "$PASSWORD" -c "$CONFIG"
      bash -x templates/publish/markdown-to-confluence/mark.sh -u $MARK_USER -p $MARK_PASS -c templates/publish/markdown-to-confluence/config.toml
    else
      echo "Docs folder does not exist. Skipping step."
    fi
  env:
    MARK_USER: ${{ parameters.markUser }}
    MARK_PASS: $(confluence-api)
  target: mark-container

How can I solve this problem?

viclang, Aug 31 '23 15:08

Did you ever have any luck resolving this? It seems like the headless-shell Dockerfile has since had the --no-sandbox removed.

jwitz, Mar 11 '25 16:03

I was receiving that error message as well when running in my pipeline.

I changed the way I call the mark binary to something like this:

docker run --rm \
  -v "${{ github.workspace }}:/work" \
  -w /work \
  -e MARK_SPACE="your-space-id" \
  kovetskiy/mark:latest mark \
  ... any other parameters \
  || exit 1

Now it is working as it should.

tiagoferreiraWex, Mar 11 '25 16:03

@tiagoferreiraWex Interesting, was the issue fixed when you configured your space ID as an environment variable? I've fixed some other mark issues by changing command flags into configurations, env vars, etc.

jwitz, Mar 11 '25 17:03

@jwitz No, I was using the Go installer before and changed it to use the Docker container. I just sent the code to show how I am invoking mark.

tiagoferreiraWex, Mar 11 '25 17:03
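
A check that can be run inside the pipeline container to see whether the kernel settings Chrome's user-namespace sandbox depends on are blocked, which is one cause of the "No usable sandbox" error in this issue. This is an added example, not code from the thread or from mark; the function names and the ROOT parameter are made up for illustration.

```shell
#!/bin/sh
# Added example: report kernel settings that block Chrome's namespace sandbox.
# ROOT is "/" on a real host; it is a parameter only so the checks can be run
# against a constructed directory tree.

read_knob() {  # first line of a sysctl file, or "absent" if it does not exist
  if [ -r "$1" ]; then head -n 1 "$1"; else echo absent; fi
}

seccomp_mode() {  # Seccomp: field of a /proc/<pid>/status file (2 = filter)
  if [ -r "$1" ]; then awk '/^Seccomp:/ {print $2}' "$1"; else echo absent; fi
}

userns_findings() {  # usage: userns_findings ROOT ; prints one finding per line
  root="${1%/}"
  max=$(read_knob "$root/proc/sys/user/max_user_namespaces")
  clone=$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")
  aa=$(read_knob "$root/proc/sys/kernel/apparmor_restrict_unprivileged_userns")
  sec=$(seccomp_mode "$root/proc/self/status")

  # 0 here disables user namespace creation for every process
  [ "$max" = 0 ] && echo "blocked: user.max_user_namespaces=0"
  # Debian/Ubuntu knob: 0 forbids unprivileged user namespace creation
  [ "$clone" = 0 ] && echo "blocked: kernel.unprivileged_userns_clone=0"
  # Ubuntu knob: 1 confines unprivileged user namespaces through AppArmor
  [ "$aa" = 1 ] && echo "restricted: kernel.apparmor_restrict_unprivileged_userns=1"
  # A seccomp filter (typical in containers) may deny the namespace syscalls
  [ "$sec" = 2 ] && echo "restricted: seccomp filter active (Seccomp: 2)"
  [ "$max" = absent ] && echo "unknown: max_user_namespaces not visible in /proc"
  return 0
}

verdict() {  # usage: verdict ROOT ; one-line summary of the findings
  out=$(userns_findings "$1")
  case "$out" in
    *blocked:*) echo "namespace sandbox unavailable" ;;
    *restricted:*|*unknown:*) echo "namespace sandbox doubtful" ;;
    *) echo "no kernel-level block found" ;;
  esac
}

userns_findings "${1:-/}"
verdict "${1:-/}"
```

A clean result only rules out these settings; it does not guarantee that Chrome's sandbox starts.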