From 800f51958da9be73433fa6301d1d70c7ab431af1 Mon Sep 17 00:00:00 2001 From: Andrew Ferrazzutti Date: Tue, 3 May 2022 22:56:55 -0400 Subject: [PATCH] Fix sandboxing - Allow setting the sandbox in the config file, and document it - Enable the sandbox in the default Docker config - Don't assign to a const when trying to set the sandbox flag --- puppet/README.md | 3 +++ puppet/example-config-docker.json | 1 + puppet/example-config.json | 1 + puppet/src/main.js | 2 +- puppet/src/puppet.js | 2 +- 5 files changed, 7 insertions(+), 2 deletions(-) diff --git a/puppet/README.md b/puppet/README.md index f43db31..0834713 100644 --- a/puppet/README.md +++ b/puppet/README.md @@ -6,6 +6,9 @@ If `type` is `tcp`, `port` and `host` are the host/port where to listen. ### Executable path The `executable_path` specifies the path to the Chromium binary for Puppeteer to use. Leaving this setting blank will use the x86_64 Chromium installation bundled with Puppeteer. For other architectures, it is necessary to install a compatible version of Chromium (ideally via your distribution's package manager), and to set `executable_path` to the path of its binary (typically `/usr/bin/chromium`). +### Sandbox +Whether or not to pass the `--no-sandbox` flag to Chromium. May be required when running Chromium in a container. + ### Profile directory The `profile_dir` specifies which directory to put Chromium user data directories. diff --git a/puppet/example-config-docker.json b/puppet/example-config-docker.json index ecd18bb..bb9f587 100644 --- a/puppet/example-config-docker.json +++ b/puppet/example-config-docker.json @@ -4,6 +4,7 @@ "path": "/data/puppet.sock" }, "executable_path": "/usr/lib/chromium/chrome", + "no_sandbox": true, "profile_dir": "./profiles", "extension_dir": "/data/extension_files", "cycle_delay": 5000, diff --git a/puppet/example-config.json b/puppet/example-config.json index 85f90c5..eebe081 100644 --- a/puppet/example-config.json +++ b/puppet/example-config.json @@ -4,6 +4,7 @@ "path": "/var/run/matrix-puppeteer-line/puppet.sock" }, "executable_path": "", + "no_sandbox": false, "profile_dir": "./profiles", "extension_dir": "./extension_files", "cycle_delay": 5000, diff --git a/puppet/src/main.js b/puppet/src/main.js index 4b61c81..7be1406 100644 --- a/puppet/src/main.js +++ b/puppet/src/main.js @@ -35,7 +35,7 @@ const configPath = args["--config"] || "config.json" console.log("[Main] Reading config from", configPath) const config = JSON.parse(fs.readFileSync(configPath).toString()) MessagesPuppeteer.executablePath = args["--browser"] || config.executable_path || MessagesPuppeteer.executablePath -MessagesPuppeteer.noSandbox = args["--no-sandbox"] || MessagesPuppeteer.noSandbox +MessagesPuppeteer.noSandbox = args["--no-sandbox"] || config.no_sandbox || MessagesPuppeteer.noSandbox MessagesPuppeteer.profileDir = config.profile_dir || MessagesPuppeteer.profileDir MessagesPuppeteer.devtools = config.devtools || false MessagesPuppeteer.extensionDir = config.extension_dir || MessagesPuppeteer.extensionDir diff --git a/puppet/src/puppet.js b/puppet/src/puppet.js index 361083f..6d68684 100644 --- a/puppet/src/puppet.js +++ b/puppet/src/puppet.js @@ -82,7 +82,7 @@ export default class MessagesPuppeteer { `--window-size=${MessagesPuppeteer.viewport.width},${MessagesPuppeteer.viewport.height+120}`, ] if (MessagesPuppeteer.noSandbox) { - args = args.concat(`--no-sandbox`) + args.push(`--no-sandbox`) } this.browser = await puppeteer.launch({