Chromium Embedded Framework Forum

[zerodefect]

I'm running a C++ application within a Docker container (image based on Ubuntu 17.10). The application is designed using the 'Separate Sub-Process' model as outlined in the CEF guide (as a side note, I'm using dumb-init).

When the docker container starts, I get the error:

[0404/203947.094543:ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

I do not perceive running as root within a Docker container to be a security risk, so I would rather disable sandboxing. I've tried to view the bug report outlined in the URL, but the link has restricted access.

Having found some documentation via chromium, I tried to add the '--disable-setuid-sandbox' as is suggested, but it did not appear to make a difference.

Does this command line option need to be passed to parent and child executables? I presume child-only.

Any other tips/suggestions would be very much appreciated.

[magreenblatt]

Running as root sounds like a bad idea, but you can pass the "--no-sandbox" flag to the main process.

[zerodefect]

Thanks, that did the trick. I don't think I had re-compiled when I tried it the first time (embarrassing).