fix: pass --no-sandbox by default to Chromium

We see a lot of issues with users struggling with Chromium sandboxing. We tried fighting these with Docker configs, but it requires running Docker with special seccomp profile. As a result, majority ends up using `--no-sandbox` anyway. This patch saves our users a hassle and starts using `--no-sandbox` by default. References microsoft#2745
aslushnikov · Jul 18, 2020 · 3807473 · 3807473
1 parent 91e1a25
commit 3807473
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 1,540 deletions.
diff --git a/docs/docker/README.md b/docs/docker/README.md
@@ -31,12 +31,10 @@ $ docker pull mcr.microsoft.com/playwright:bionic
 ### Run the image
 
 ```
-$ docker container run -it --rm --ipc=host --security-opt seccomp=chrome.json mcr.microsoft.com/playwright:bionic /bin/bash
+$ docker container run -it --rm --ipc=host mcr.microsoft.com/playwright:bionic /bin/bash
 ```
 
 Note that:
-
-* The seccomp profile is required to run Chrome without sandbox. Thanks to [Jessie Frazelle](https://github.com/jessfraz/dotfiles/blob/master/etc/docker/seccomp/chrome.json).
 * Using `--ipc=host` is also recommended when using Chrome ([Docker docs](https://docs.docker.com/engine/reference/run/#ipc-settings---ipc)). Chrome can run out of memory without this flag.
 
 ### Using on CI