Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: Failed to launch the browser process! #730

Open
ldesousa opened this issue Aug 16, 2024 · 4 comments
Open

Error: Failed to launch the browser process! #730

ldesousa opened this issue Aug 16, 2024 · 4 comments

Comments

@ldesousa
Copy link

Describe the bug
mmdc fails with the error message: "Error: Failed to launch the browser process!"

To Reproduce

$ mmdc -i PROV.mm -o PROV.png

Error: Failed to launch the browser process!
[0816/165930.731221:FATAL:zygote_host_impl_linux.cc(117)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
#0 0x58e9b2b224e2 base::debug::CollectStackTrace()
#1 0x58e9b2a93ab3 base::debug::StackTrace::StackTrace()
#2 0x58e9b2a90cf7 logging::LogMessage::~LogMessage()
#3 0x58e9b05a80a2 content::ZygoteHostImpl::Init()
#4 0x58e9b25dc8af content::ContentMainRunnerImpl::Initialize()
#5 0x58e9b25d9f6b content::RunContentProcess()
#6 0x58e9b25da4fe content::ContentMain()
#7 0x58e9b263c3c6 headless::(anonymous namespace)::RunContentMain()
#8 0x58e9b263c068 headless::HeadlessShellMain()
#9 0x58e9aeb251e3 ChromeMain
#10 0x714505e2a1ca (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9)
#11 0x714505e2a28b __libc_start_main
#12 0x58e9aeb2502a _start



TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md

    at onClose (file:///usr/local/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/puppeteer-core/lib/esm/puppeteer/node/BrowserRunner.js:269:20)
    at Interface.<anonymous> (file:///usr/local/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/puppeteer-core/lib/esm/puppeteer/node/BrowserRunner.js:257:24)
    at Interface.emit (node:events:529:35)
    at Interface.close (node:internal/readline/interface:534:10)
    at Socket.onend (node:internal/readline/interface:260:10)
    at Socket.emit (node:events:529:35)
    at endReadableNT (node:internal/streams/readable:1400:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

Expected behavior
Expected mmdc to generate an image and exit without error messages.

Desktop (please complete the following information):

@aloisklink
Copy link
Member

Are you running Ubuntu 24.04 and mmdc in a docker/podman container?

If so, you'd either need to add the --cap-add=SYS_ADMIN (not recommended!) to your container, or run puppeteer with the --no-sandbox arg (which is dangerous, but should be mostly safe, as long as there is nothing else in the container that you care about).

You can do this by creating a puppeteerConfig.json file with the contents:

{
  "args": ["--no-sandbox"]
}

Then running mmdc with mmdc --puppeteerConfigFile path/to/my/puppeteerConfig.json -i PROV.mm -o PROV.png.

As an example, you can see how the official minlag/mermaid-cli docker image does this with:

There's also some alternative steps which are recommended by the Puppeteer team at https://pptr.dev/troubleshooting#setting-up-chrome-linux-sandbox, but I haven't tested them yet.

@ldesousa
Copy link
Author

Are you running Ubuntu 24.04 and mmdc in a docker/podman container?

No. This issue does not concern Docker.

@aloisklink
Copy link
Member

I recently updated to Ubuntu 24.04 and encountered the same issue!

It looks like Ubuntu 24.04 contains some AppArmor 4 rules that block Puppeteer's sandbox from working properly: puppeteer/puppeteer#12818 (comment)

The easiest thing to do is probably just to prepend all calls to @mermaid-js/mermaid-cli with aa-exec --profile=chrome (see aa-exec).

E.g., if you normally use npx @mermaid-js/mermaid-cli, instead use aa-exec --profile=chrome npx @mermaid-js/mermaid-cli.

Other options would be to:

dawidl022 added a commit to dawidl022/go-const-generics that referenced this issue Oct 16, 2024
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
elbeno added a commit to elbeno/cicd-repo-infrastructure that referenced this issue Oct 28, 2024
Problem:
- Ubuntu 23.10 and later has security rules around running chrome, which means
  mermaid-cli can't generate diagrams without a workaround.
- See mermaid-js/mermaid-cli#730

Solution:
- Provide a puppeteer_config.json file in the docs directory which can be passed
  to mmdc by specifying an attribute in AsciiDoctor markdown.
- See https://docs.asciidoctor.org/diagram-extension/latest/diagram_types/mermaid/
zeitgeist added a commit to sine-fdn/ileap-extension that referenced this issue Dec 12, 2024
aubertc added a commit to princomp/princomp.github.io that referenced this issue Jan 8, 2025
aloisklink added a commit to aloisklink/mermaid-cli that referenced this issue Jan 9, 2025
Ubuntu 24.04 has stricter AppArmor policies that prevent Puppeteer from
running, with an error like:

> Failed to launch the browser process!
> [0109/235031.343250:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

We can use [`aa-exec`][1] to explicitly set the `chrome` policy and get
it working again.

[1]: https://manpages.ubuntu.com/manpages/noble/man1/aa-exec.1.html
See: mermaid-js#730 (comment)
aloisklink added a commit to aloisklink/mermaid-cli that referenced this issue Jan 9, 2025
Ubuntu 24.04 has stricter AppArmor policies that prevent Puppeteer from
running, with an error like:

> Failed to launch the browser process!
> [0109/235031.343250:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

We can use [`aa-exec`][1] to explicitly set the `chrome` policy and get
it working again.

[1]: https://manpages.ubuntu.com/manpages/noble/man1/aa-exec.1.html
See: mermaid-js#730 (comment)
@eeproto
Copy link

eeproto commented Jan 9, 2025

Had the same issue after upgrading to 24.04. I did not want to poke any holes into system security globally, so opted to patch just the puppeteer call from mermaid-cli.

Go into node_modules/@mermaid-js/mermaid-cli/src/index.js and look in async function cli () for the statement setting the puppeteerConfig variable. Modify it such that it includes the --no-sandbox option, like this:

  let puppeteerConfig = ({
    headless: 1,
    args: ['--no-sandbox']
  })

That worked for me. I am using mermaid through the pandoc mermaid-filter module in version 1.4.7.

If you are on the same version, and run a unix/linux flavor, you can use this patch to achieve the same result:

176c176,177
<     headless: 1
---
>     headless: 1,
>     args: ['--no-sandbox']

Put this into a file sandbox_workaround.patch this next to your index.js file and run

patch index.js sandbox_workaround.patch

sachac added a commit to sachac/ob-mermaid that referenced this issue Jan 10, 2025
* ob-mermaid.el (org-babel-execute:mermaid): Allow
users to set ob-mermaid-cli-path to something more
complex like "aa-exec --profile=chrome mmdc",
which may be needed on systems like Ubuntu 24
where AppArmor restricts Puppeteer.

Related to:
- mermaid-js/mermaid-cli#730
- puppeteer/puppeteer#12818
aloisklink added a commit that referenced this issue Jan 13, 2025
Ubuntu 24.04 has stricter AppArmor policies that prevent Puppeteer from
running, with an error like:

> Failed to launch the browser process!
> [0109/235031.343250:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

We can use [`aa-exec`][1] to explicitly set the `chrome` policy and get
it working again.

[1]: https://manpages.ubuntu.com/manpages/noble/man1/aa-exec.1.html
See: #730 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants