Fix sandboxing

- Allow setting the sandbox in the config file, and document it - Enable the sandbox in the default Docker config - Don't assign to a const when trying to set the sandbox flag
2022-05-03 22:56:55 -04:00 · 2022-05-03 22:56:55 -04:00 · 800f51958d
parent 8d4bb3d777
commit 800f51958d
5 changed files with 7 additions and 2 deletions
--- a/puppet/README.md
+++ b/puppet/README.md
@ -6,6 +6,9 @@ If `type` is `tcp`, `port` and `host` are the host/port where to listen.
 ### Executable path
 The `executable_path` specifies the path to the Chromium binary for Puppeteer to use. Leaving this setting blank will use the x86_64 Chromium installation bundled with Puppeteer. For other architectures, it is necessary to install a compatible version of Chromium (ideally via your distribution's package manager), and to set `executable_path` to the path of its binary (typically `/usr/bin/chromium`).

+### Sandbox
+Whether or not to pass the `--no-sandbox` flag to Chromium. May be required when running Chromium in a container.
+
 ### Profile directory
 The `profile_dir` specifies which directory to put Chromium user data directories.

--- a/puppet/example-config-docker.json
+++ b/puppet/example-config-docker.json
@ -4,6 +4,7 @@
 		"path": "/data/puppet.sock"
 	},
 	"executable_path": "/usr/lib/chromium/chrome",
+	"no_sandbox": true,
 	"profile_dir": "./profiles",
 	"extension_dir": "/data/extension_files",
 	"cycle_delay": 5000,
--- a/puppet/example-config.json
+++ b/puppet/example-config.json
@ -4,6 +4,7 @@
 		"path": "/var/run/matrix-puppeteer-line/puppet.sock"
 	},
 	"executable_path": "",
+	"no_sandbox": false,
 	"profile_dir": "./profiles",
 	"extension_dir": "./extension_files",
 	"cycle_delay": 5000,
--- a/puppet/src/main.js
+++ b/puppet/src/main.js
@ -35,7 +35,7 @@ const configPath = args["--config"] || "config.json"
 console.log("[Main] Reading config from", configPath)
 const config = JSON.parse(fs.readFileSync(configPath).toString())
 MessagesPuppeteer.executablePath = args["--browser"] || config.executable_path || MessagesPuppeteer.executablePath
-MessagesPuppeteer.noSandbox = args["--no-sandbox"] || MessagesPuppeteer.noSandbox
+MessagesPuppeteer.noSandbox = args["--no-sandbox"] || config.no_sandbox || MessagesPuppeteer.noSandbox
 MessagesPuppeteer.profileDir = config.profile_dir || MessagesPuppeteer.profileDir
 MessagesPuppeteer.devtools = config.devtools || false
 MessagesPuppeteer.extensionDir = config.extension_dir || MessagesPuppeteer.extensionDir
--- a/puppet/src/puppet.js
+++ b/puppet/src/puppet.js
@ -82,7 +82,7 @@ export default class MessagesPuppeteer {
 			`--window-size=${MessagesPuppeteer.viewport.width},${MessagesPuppeteer.viewport.height+120}`,
 		]
 		if (MessagesPuppeteer.noSandbox) {
-			args = args.concat(`--no-sandbox`)
+			args.push(`--no-sandbox`)
 		}

 		this.browser = await puppeteer.launch({