Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable AppArmor in CI to allow chrome sandbox #511

Merged
merged 1 commit into from
Jan 29, 2025
Merged

Disable AppArmor in CI to allow chrome sandbox #511

merged 1 commit into from
Jan 29, 2025
+6 −0

Conversation

igolaizola
Copy link
Contributor

@igolaizola igolaizola commented Jan 29, 2025
edited by mafredri
Loading

The CI is currently failing with this error when trying to launch TestWasm with wasmbrowsertest:

No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

This change disables AppArmor in the CI to allow the sandbox to work.

Fixes #512
Closes #510

@igolaizola
Disable AppArmor in CI to allow chrome sandbox
2a82e6e 
The CI is currently failing with this error when trying to launch
`TestWasm` with wasmbrowsertest:

No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux
distro that has disabled unprivileged user namespaces with AppArmor, see
https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md.
Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md
for more information on developing with the (older) SUID sandbox. If you
want to live dangerously and need an immediate workaround, you can try
using --no-sandbox.

This change disables AppArmor in the CI to allow the sandbox to work.
@igolaizola
Copy link
Contributor Author

I got the idea to disable AppArmor from the following pull request in the wasmbrowsertest project: agnivade/wasmbrowsertest#72.

This was referenced Jan 29, 2025
Closed
Closed
mafredri
mafredri approved these changes Jan 29, 2025
View reviewed changes
Copy link
Member

@mafredri mafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for investigating, nice solution!

@mafredri
Copy link
Member

@igolaizola I think this approach is fine, can we close #512 and #510 or would you like for them to remain open?

@igolaizola
Copy link
Contributor Author

igolaizola commented Jan 29, 2025
edited
Loading

@igolaizola I think this approach is fine, can we close #512 and #510 or would you like for them to remain open?

I agree. Feel free to merge this solution to fix the issue #512. Then we can also close #510.

@mafredri mafredri merged commit 3e183a9 into coder:master Jan 29, 2025
4 checks passed
@igolaizola igolaizola deleted the disable-app-armor branch January 29, 2025 15:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mafredri mafredri mafredri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CI failing when launching TestWasm with wasmbrowsertest
2 participants
@igolaizola @mafredri