Docker image fails to run when using the recommended Docker file from this repo
See original GitHub issueI created a Nuxt.js application which uses Puppeteer in an express end point. The application only works on localhost Mac OS. When I run the application in Cloud Foundry Linux Debian that specific route times out as I have seen other people on the internet have the same problem when deploying to a Debian production environment.
Due to this, I decided to use the Docker example from this repo. I put my application in Docker and was able to replicate my initial issue. At this point I moved to update the Docker file with the recommended Docker file in this repo which has since then produced this error.
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
I have tried every thing that exists on the internet to overcome this. What steps must I take beyond the recommendation for the Docker file to run this image?
I would be happy to run it as root with --no-sandbox but I am not sure how that can be done from the Docker file.
Due to the trouble I have faced I am wondering if this is a bug?
What steps will reproduce the problem?
Create Docker file, paste the Docker file from this repo in and
Run -
docker build -t user/pdf-generator .
Then run -
docker run -p 3000:300 user/pdf-generator
Please include code that reproduces the issue.
My Docker file -
FROM node:8-slim
RUN apt-get update && apt-get install -yq libgconf-2-4
RUN apt-get update && apt-get install -y wget --no-install-recommends \
&& wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
&& apt-get update \
&& apt-get install -y google-chrome-unstable fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst ttf-freefont \
--no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get purge --auto-remove -y curl \
&& rm -rf /src/*.deb
ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 /usr/local/bin/dumb-init
RUN chmod +x /usr/local/bin/dumb-init
RUN npm i puppeteer
# Add user so we don't need --no-sandbox.
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
&& mkdir -p /home/pptruser/Downloads \
&& chown -R pptruser:pptruser /home/pptruser \
&& chown -R pptruser:pptruser /node_modules
USER pptruser
ENTRYPOINT ["dumb-init", "--"]
CMD ["google-chrome-unstable"]
My run command -
docker run -p 3000:300 user/pdf-generator
What steps further must be taken to run this image?
What is the expected result? I expect to enter the run command and the Docker image to start running without throwing an error.
What happens instead?
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:8 (4 by maintainers)
Top GitHub Comments
@wuno thanks for your hard work. The
{ args: ['--no-sandbox', '--disable-setuid-sandbox'], ignoreHTTPSErrors: true, dumpio: false }
piece is what got it to work for me.We now have a docker image that we use for testing - Dockerfile.linux. Since it’s in our CI pipeline, it is guaranteed to be up-to-date.