search

kovetskiy / mark

Sync your markdown files with Confluence pages.
https://samizdat.dev
Other
988 stars 147 forks source link

No usable sandbox! Fatal error #348

Open viclang opened 11 months ago

viclang commented 11 months ago

I'm trying to integrate the mark docker image in the azure pipeline, but I'm getting the following error from the chrome dependency:

TRACE rendering markdown:
<!-- document was printed here -->
panic: chrome failed to start:
[FATAL:zygote_host_impl_linux.cc(127)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

goroutine 1 [running]:
github.com/kovetskiy/mark/pkg/mark.CompileMarkdown({0xc0002f9b00, 0xd64, 0xd80}, 0xc0002c4bc0, {0x7ffca007bb6e, 0xb}, {0xc0001ed390, 0xa}, 0x0)
    /go/src/github.com/kovetskiy/mark/pkg/mark/markdown.go:681 +0x859
main.processFile({0x7ffca007bb6e, 0xb}, 0xba7420?, 0x0?, {0x0?, 0x0}, {0x7ffca007bba6, 0x16})
    github.com/kovetskiy/mark/main.go:455 +0x119d
main.RunMark(0xc0001ac8c0)
    github.com/kovetskiy/mark/main.go:252 +0x710
github.com/urfave/cli/v2.(*Command).Run(0xc0001a02c0, 0xc0001ac8c0, {0xc0000340e0, 0xe, 0xe})
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274 +0x9eb
github.com/urfave/cli/v2.(*App).RunContext(0xc000226000, {0xffd178?, 0xc000042110}, {0xc0000340e0, 0xe, 0xe})
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332 +0x616
github.com/urfave/cli/v2.(*App).Run(...)
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main()
    github.com/kovetskiy/mark/main.go:190 +0x13a

It seems like the pipeline doesn't have the correct permissions to use the sandbox, but when I'm looking at the Dockerfile I see that it already uses the --no-sandbox option

My pipeline looks something like this:

trigger:
  branches:
    include:
    - main
  paths:
    include:
    - docs

variables:
  - group: Mark

parameters:
- name: 'markUser'
  type: string
  default: 'user@example.com'

resources:
  containers:
  - container: mark-container
    image: kovetskiy/mark:latest

container: mark-container

steps:
- bash: |
    if [ -d "docs" ]; then
      # mark.sh calls: mark --ci --debug --trace -f "docs/$$.md" --parents "$parents" -u "$USERNAME" -p "$PASSWORD" -c "$CONFIG"
      bash -x templates/publish/markdown-to-confluence/mark.sh -u $MARK_USER -p $MARK_PASS -c templates/publish/markdown-to-confluence/config.toml
    else
      echo "Docs folder does not exist. Skipping step."
    fi
  env:
    MARK_USER: ${{ parameters.markUser }}
    MARK_PASS: $(confluence-api)
  target: mark-container

How can I solve this problem?