[arch-general] Chromium in a systemd-nspawn container?
Hello! It seems that a recent update (unfortunately, I'm not sure exactly which) broke my ability to run Chromium in a systemd-nspawn container. Specifically, the symptom is that the Chromium window opens, but remains blank and evidently doesn't respond to keyboard/mouse input. Firefox in the same container runs without issue. Is there something I can do to debug this issue? I'm using the standard trick to allow containers to access X: https://wiki.archlinux.org/index.php/Systemd-nspawn#Use_an_X_environment The only possibly relevant error message I see on Chromium's stderr is: 67:67:0221/100217.520256:ERROR:gpu_channel_manager.cc(459)] ContextResult::kFatalFailure: Failed to create shared context for virtualization. I've tried the --disable-gpu flag, but that makes no difference. Any ideas? -- Mark Raynsford | http://www.io7m.com
On Fri, Feb 21, 2020 at 05:59:44PM +0000, Mark Raynsford via arch-general wrote:
Hello!
It seems that a recent update (unfortunately, I'm not sure exactly which) broke my ability to run Chromium in a systemd-nspawn container. Specifically, the symptom is that the Chromium window opens, but remains blank and evidently doesn't respond to keyboard/mouse input.
Firefox in the same container runs without issue.
Is there something I can do to debug this issue? I'm using the standard trick to allow containers to access X:
https://wiki.archlinux.org/index.php/Systemd-nspawn#Use_an_X_environment
The only possibly relevant error message I see on Chromium's stderr is:
67:67:0221/100217.520256:ERROR:gpu_channel_manager.cc(459)] ContextResult::kFatalFailure: Failed to create shared context for virtualization.
I've tried the --disable-gpu flag, but that makes no difference.
Any ideas?
Hello Mark, you need to disable a few flags: --disable-software-rasterizer, --disable-dev-shm-usage and --disable-web-security See also: https://github.com/Zenika/alpine-chrome/issues/36#issuecomment-534392761 Chris
On Sat, 22 Feb 2020, at 11:13, Christian Rebischke via arch-general wrote:
you need to disable a few flags:
--disable-software-rasterizer, --disable-dev-shm-usage and --disable-web-security
If you have to go so far as to --disable-web-security, then this must be a point where replacing nspawn with firejail looks like the better alternative.
Hi, I'm using systemd-nspawn only for command line, but I'm using google-chrome, not chromium, by another user account. Since I'm a little bit lazy, I'm using the sledgehammer, a simple xhost+. More or less the whole script: xhost + gksudo -u chuser "$*" xhost - exit Since a few days back this xhost+ google-chrome instance tends to suffer from "Something went wrong when opening your profile. Some features may be unavailable." Running google-chrome as the regular user works without issues. I suspect a new security feature, probably provided for chromium as well as chrome. Regards, Ralf
On Sat, 2020-02-22 at 19:30 +0100, Ralf Mardorf via arch-general wrote:
I'm using systemd-nspawn only for command line, but I'm using google-chrome, not chromium, by another user account. Since I'm a little bit lazy, I'm using the sledgehammer, a simple xhost+.
More or less the whole script:
xhost + gksudo -u chuser "$*" xhost - exit
Since a few days back this xhost+ google-chrome instance tends to suffer from "Something went wrong when opening your profile. Some features may be unavailable."
Running google-chrome as the regular user works without issues.
I suspect a new security feature, probably provided for chromium as well as chrome.
PS: Since you donÄt experienc the same issue when running firefox, I'm running other apps not via systemd-nspawn, but by another user account, too, just using this xhost + script. Firefox is one of them and it doesn't suffer from any issue.
participants (4)
-
Christian Rebischke
-
Jens John
-
Mark Raynsford
-
Ralf Mardorf