Public | Automated Build

Last pushed: 3 months ago
Short Description
chrome-headless-chromedriver-java8
Full Description

docker-chrome-headless-java8

Dockerfile for Chrome Headless (Debian) + Java 8

See: https://hub.docker.com/r/justinribeiro/chrome-headless/

This dockerfile adds chromedriver + oracle java 8 to the above image.

This Dockerfile works, but is not good enough for me right now because I need an X display (I need to use sendKeys).


Issues:

org.openqa.selenium.WebDriverException: unknown error: an X display is required for keycode conversions, consider using Xvfb

Chrome headless still has problems when using sendKeys() without an X display (which is what happens when we use this docker image).
https://bugs.chromium.org/p/chromedriver/issues/detail?id=1772

Also: https://github.com/SeleniumHQ/docker-selenium/issues/429#issuecomment-296379624

The comment above is the most promising.


Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted

Apparently, chrome runs its renderer in a sandbox, which gives it less permissions than a regular process.

It is said:

Actually it's saying that it's running without the sandbox enabled. What that means is that the renderer (ie. the process that draws web pages), is running with more permissions than it usually would. That means a bug in the renderer is more likely to lead to your kernel being exploited than if you are running with the sandbox enabled.

This problem happens because chrome can't create a new namespace for the sandbox. So using --cap-add=CAP_SYS_ADMIN at docker run fixes it.

More on that on https://github.com/yukinying/chrome-headless-browser-docker:

Why cap-add=SYS_ADMIN is needed

Currently, there is a user namespace issue in OSX that generates this error:

Failed to move to new namespace: PID namespaces supported, Network namespace supported,
but failed: errno = Operation not permitted

There are two mitigations, but none of them are ideal as it gives the container some special capabilities:

  1. Use a special seccomp profile, as stated in https://twitter.com/jessfraz/status/681934414687801345

    docker run -it --rm --name chrome --shm-size=1024m -p=127.0.0.1:9222:9222 --security-opt seccomp:/path/to/chrome.json \
    yukinying/chrome-headless-browser
    
  2. Use CAP_SYS_ADMIN

    docker run -it --rm --name chrome --shm-size=1024m -p=127.0.0.1:9222:9222 --name chrome --cap-add=SYS_ADMIN \
    yukinying/chrome-headless-browser
    

According to ripper2hl:

Very nice works perfectly with Selenium, no window size .
This run on ubuntu 17.04

@BeforeTest
public void setupTest() {
    ChromeDriverManager.getInstance().setup();
    ChromeOptions options = new ChromeOptions();
    options.addArguments("--headless", "--disable-gpu");
    driver =  new ChromeDriver( options );
}

ChromeDriverManager its a project of Boni Garcia
https://github.com/bonigarcia/webdrivermanager


Dockerfiles using chromedriver: https://github.com/search?l=Dockerfile&q=chromedriver++LATEST_RELEASE+&type=Code&utf8=%E2%9C%93
Sample: https://github.com/bufferings/sandbox-gebheadlesschrome/blob/215788792092db0d18cf66eb064dc2621292919c/Dockerfile


This one worked OK without changes (https://github.com/yukinying/chrome-headless-browser-docker):

docker run -it --rm --name chrome --shm-size=1024m --cap-add=SYS_ADMIN --entrypoint=/usr/bin/google-chrome-unstable yukinying/chrome-headless-browser --headless --disable-gpu --dump-dom https://www.facebook.com

I guess I just need to add xvfb to it.

Docker Pull Command
Owner
acdcjunior

Comments (0)