Chromium Segfault inside Docker or other containerization.
Package Information
- Package name: chromium
- Package version: chromium-122.0.6261.128-r0
- Alpine version: 3.19.1
- Alpine architecture: all, but x86_64 specifically for this issue
Summary
Chromium segfaults when run inside docker/bwrap/proot specifically only the Alpine version. I have maintained webtop and a chromium Docker image for a while and a couple months ago had to swap off chromium to default firefox in these images while rebasing chromium to Debian.
https://github.com/linuxserver/docker-webtop/issues/192
The Glibc versions of chromium on Arch/Debian/Fedora do not exhibit this behavior despite being the same version.
Steps to reproduce
This is difficult to debug. I am hoping for a magic bullet, but not expecting one. I understand running these desktop applications in a jail like this is a corner case and a bare metal install of Alpine does not suffer from this issue.
The easiest way to reproduce would be on a system with Docker:
docker run --rm -it --shm-size=1gb -p 3000:3000 linuxserver/webtop bash
Access http://localhost:3000, open a terminal sudo apk add chromium
chromium --no-sandbox
(you can avoid no sandbox with --security-opt seccomp=unconfined
)
Today I discovered something odd when giving another shot at trying to get it to run, it seems like there is some kind of race in the init as chromium can potentially be launched by spamming the command repeatedly as seen here:
When expanding the CLI options you can get it to launch more reliably, had the best luck with a clean session and chromium --no-sandbox --disable-gpu --disable-dev-shm-usage --single-process --no-zygote
but it still suffers from the same segfault.
The youtube issue in the attached example happened to me when playing with namespacing and running apps in userspace with bubblewrap and proot even the Glibc versions that work reliably in Docker, it has me thinking all of this is connected somehow and revolves around the sandboxing that chromium is doing.
That is all the information I really have and have been unable to find any kind of reliable fix on my side.