Login/Register
Why do I need `--no-sandbox` to run Selenium Chromedriver even with admin privilege
Asked Answered
c#seleniumgoogle-chromeselenium-webdriverselenium-chromedriver
C

1

11

I started working on Selenium (C#) and, to my surprise, I cannot run even the simplest project from the Selenium Docs. However, my collegues can run it normally out of the box with no problems.

The only way for me to be able to run is to add the --no-sandbox option to the Chrome option. Firefox (Gekco) driver doesn't have this problem, and my Chrome version and my Chromedriver version match. But I can't do this with every project because we're using a library that don't pass this option and it's beyond my controls.

What are the policy/configuration that I might need to change?

I have tried to find other similar threads on S/O but none of that solve my issues. Most of them can be solved by updating Chrome/ChromeDriver version but mine is at the latest of 100 (also has the same problem with Chrome 99).

Error

It just stays at data:, and doesn't proceed to any other page as it should.

enter image description here

Starting ChromeDriver 100.0.4896.60 (6a5d10861ce8de5fce22564658033b43cb7de047-refs/branch-heads/4896@{#875}) on port 61538
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.

DevTools listening on ws://127.0.0.1:61542/devtools/browser/38c3268c-dd43-4100-bb1a-71aa2af4c1fc
Unhandled exception. OpenQA.Selenium.WebDriverException: The HTTP request to the remote WebDriver server for URL http://localhost:61538/session timed out after 60 seconds.
 ---> System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 60 seconds elapsing.
 ---> System.TimeoutException: The operation was canceled.
 ---> System.Threading.Tasks.TaskCanceledException: The operation was canceled.
 ---> System.IO.IOException: Unable to read data from the transport connection: The I/O operation has been aborted because of either a thread exit or an application request..
 ---> System.Net.Sockets.SocketException (995): The I/O operation has been aborted because of either a thread exit or an application request.
   --- End of inner exception stack trace ---

Code

using System;
using System.Threading;
using OpenQA.Selenium.Chrome;
using OpenQA.Selenium.Firefox;

namespace SeleniumDocs.Hello
{
    public class HelloSelenium
    {
        public static void Main()
        {
            var chromeOptions = new ChromeOptions();

            var service = ChromeDriverService.CreateDefaultService(@"C:\WebDriver\bin");
            // chromeOptions.AddArgument("--no-sandbox"); // with this it works; without, doesn't

            var driver = new ChromeDriver(service, chromeOptions);
            driver.Navigate().GoToUrl("https://selenium.dev");

            Thread.Sleep(10000);

            driver.Quit();
        }
    }
}
Carmagnole answered 31/3, 2022 at 15:37 Comment(1)
Related question to --no-sandbox attribute: What does the Chromium option --no-sandbox mean?Wicket
H
8

Sandbox

The sandbox is a C++ library that allows the creation of sandboxed processes — processes that execute within a very restrictive environment. The only resources sandboxed processes can freely use are CPU cycles and memory. For example, sandboxes processes cannot write to disk or display their own windows. What exactly they can do is controlled by an explicit policy. Chromium renderers are sandboxed processes.

Functionally sandbox limits the severity of bugs in code running inside the sandbox. Such bugs cannot install persistent malware in the user‘s account (because writing to the filesystem is banned). Such bugs also cannot read and steal arbitrary files from the user’s machine.

(In Chromium, the renderer processes are sandboxed and have this protection. After the NPAPI removal, all remaining plugins are also sandboxed. Chromium renderer processes are isolated from the system, but not yet from the web. Therefore, domain-based data isolation is not yet provided.

This usecase

A common cause for Chrome to crash during startup is running Chrome as root user (administrator) on Linux. While it is possible to work around this issue by passing --no-sandbox flag when creating your WebDriver session, such a configuration is unsupported and highly discouraged. You need to configure your environment to run Chrome as a regular user instead.

References

You can find a relevant detailed discussion in:

Humeral answered 31/3, 2022 at 22:45 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.