Brave browser #43

Closed
jcalfee opened this issue May 7, 2018 · 14 comments
@jcalfee

jcalfee commented May 7, 2018

Any ideas on how to proceed with the brave browser?

x11docker note: Using X server option --nxagent


x11docker ERROR: Docker startup seems to have failed! 

  Last lines of docker.log:
QT_X11_NO_NATIVE_MENUBAR=1
SHELL=/bin/bash
TERM=xterm
UBUNTU_MENUPROXY=
USER=jcalfee
XAUTHORITY=/x11docker/Xclientcookie
XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR
XDG_SESSION_TYPE=x11
container=docker
x11docker: copy of environment stored in /x11docker/environment

  Last lines of command stderr:
[8:72:0507/152124.370976:ERROR:bus.cc(394)] Failed to connect to the bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
ATTENTION: default value of option force_s3tc_enable overridden by environment.
[91:91:0507/152124.499940:ERROR:gl_surface_glx.cc(431)] GLX 1.3 or later is required.
[91:91:0507/152124.499968:ERROR:gl_initializer_x11.cc(157)] GLSurfaceGLX::InitializeOneOff failed.
[91:91:0507/152124.501728:ERROR:viz_main_impl.cc(195)] Exiting GPU process due to errors during initialization
[103:103:0507/152124.535774:ERROR:gl_implementation.cc(292)] Failed to load /usr/lib/brave/swiftshader/libGLESv2.so: /usr/lib/brave/swiftshader/libGLESv2.so: cannot open shared object file: No such file or directory
[103:103:0507/152124.537043:ERROR:viz_main_impl.cc(195)] Exiting GPU process due to errors during initialization
[8:70:0507/152124.540659:ERROR:browser_gpu_channel_host_factory.cc(119)] Failed to launch GPU process.
[8:8:0507/152124.851609:ERROR:process_singleton_posix.cc(323)] The profile appears to be in use by another Chromium process (7) on another computer (7b94c120690d). Chromium has locked the profile so that it doesn't get corrupted. If you are sure no other processes are using this profile, you can unlock the profile and relaunch Chromium.
  
  Type 'x11docker --help' for usage information
  For debugging, run x11docker in terminal and/or enable option '--verbose'
  and look afterwards at logfile /home/jcalfee/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

./brave

set -o errexit

rel=xenial

function build() {
  dir=$(dirname "$0")
  docker build -t brave -f "$dir/brave.Dockerfile" "$dir" --build-arg REL=$rel
}

function install() {
  set -o xtrace

  deps="ca-certificates curl apt-transport-https"

  apt-get update
  apt-get install -y --no-install-recommends $deps

  curl https://s3-us-west-2.amazonaws.com/brave-apt/keys.asc | apt-key add -
  echo "deb [arch=amd64] https://s3-us-west-2.amazonaws.com/brave-apt $rel main" | tee -a /etc/apt/sources.list.d/brave-$rel.list

  apt update
  apt install -y brave

  apt-get purge -y --auto-remove $deps
  #rm -rf /var/lib/apt/lists/*
}

"${@-build}"

brave.Dockerfile

ARG REL=xenial
FROM ubuntu:$REL
RUN apt-get update
COPY brave /tmp
RUN bash /tmp/brave install
RUN apt-get install -y libasound2
RUN rm -rf /var/lib/apt/lists/*
ENTRYPOINT ["brave"]
CMD [ "--user-data-dir=/data" ]
@mviereck
Owner

mviereck commented May 7, 2018

I did a test build with:

FROM ubuntu:xenial
RUN apt-get update && apt-get install -y curl apt-transport-https
RUN curl https://s3-us-west-2.amazonaws.com/brave-apt/keys.asc | apt-key add -
RUN echo "deb https://s3-us-west-2.amazonaws.com/brave-apt xenial main" > /etc/apt/sources.list.d/brave-xenial.list
RUN apt-get update && apt-get install -y brave libasound2
CMD ["brave", "--no-sandbox"]

I can run it successfully with x11docker --nxagent brave. I don't see an obvious difference to your setup. (Except that you remove ca-certificates that brave would need for https sites).

brave seems to be a fork of chromium.
Some notes about chromium option --no-sandbox: #31 (comment)

Maybe you are just missing the --no-sandbox option, although that is not obvious in your error message.
You can try my Dockerfile example. If you still have issues, please run with option --verbose and store the output at https://pastebin.com/.

@jcalfee
Author

jcalfee commented May 8, 2018

Ok, I used your docker..
https://pastebin.com/2261nF1D

This error seems to stand out:

[8:74:0507/211349.648008:ERROR:bus.cc(394)] Failed to connect to the bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

@mviereck
Owner

mviereck commented May 8, 2018

I have similar error messages, but with a successful startup. So far I consider them rather harmless. The dbus error occurs due to missing dbus in container, but brave can run without it:

[69:78:0508/113004.840484:ERROR:bus.cc(394)] Failed to connect to the bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
ATTENTION: default value of option force_s3tc_enable overridden by environment.
[96:96:0508/113005.189015:ERROR:gl_surface_glx.cc(431)] GLX 1.3 or later is required.
[96:96:0508/113005.189332:ERROR:gl_initializer_x11.cc(157)] GLSurfaceGLX::InitializeOneOff failed.
[96:96:0508/113005.194757:ERROR:viz_main_impl.cc(195)] Exiting GPU process due to errors during initialization
[108:108:0508/113005.271935:ERROR:gl_implementation.cc(292)] Failed to load /usr/lib/brave/swiftshader/libGLESv2.so: /usr/lib/brave/swiftshader/libGLESv2.so: cannot open shared object file: No such file or directory
[108:108:0508/113005.274405:ERROR:viz_main_impl.cc(195)] Exiting GPU process due to errors during initialization
[69:76:0508/113005.281826:ERROR:browser_gpu_channel_host_factory.cc(119)] Failed to launch GPU process.
[69:69:0508/113007.450858:ERROR:bus.cc(394)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[69:76:0508/113007.604462:ERROR:browser_gpu_channel_host_factory.cc(119)] Failed to launch GPU process.
[69:69:0508/113007.686942:ERROR:gpu_process_transport_factory.cc(1007)] Lost UI shared context.
[69:69:0508/113007.773867:ERROR:bus.cc(394)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[69:69:0508/113009.747892:ERROR:CONSOLE(1)] "(node) warning: possible EventEmitter memory leak detected. %d listeners added. Use emitter.setMaxListeners() to increase limit.", source: chrome://brave/usr/lib/brave/resources/app.asar/app/extensions/brave/gen/app.entry.js (1)
[69:69:0508/113009.748104:ERROR:CONSOLE(1)] "(node) warning: possible EventEmitter memory leak detected. %d listeners added. Use emitter.setMaxListeners() to increase limit.", source: chrome://brave/usr/lib/brave/resources/app.asar/app/extensions/brave/gen/app.entry.js (1)

The significant error messages from your log are of this type:

An uncaught exception occurred in the main process Uncaught Exception:
Error: /tmp/.org.chromium.Chromium.TtyGc8: failed to map segment from shared object
    at process.module.(anonymous function) [as dlopen] (ELECTRON_ASAR.js:168:20)
    at Object.Module._extensions..node (module.js:596:18)
    at Object.module.(anonymous function) [as .node] (ELECTRON_ASAR.js:182:18)
    at Module.load (module.js:488:32)
    at tryModuleLoad (module.js:447:12)
    at Function.Module._load (module.js:439:3)
    at Module.require (module.js:498:17)
    at require (internal/module.js:20:19)
    at bindings (/usr/lib/brave/resources/app.asar/node_modules/bindings/bindings.js:81:44)
    at /usr/lib/brave/resources/app.asar/node_modules/level/node_modules/leveldown/leveldown.js:4:46
Waiting 60 seconds for process to load

Though, I am not sure what this error means. Possibilities to try out:

  • Maybe it is related to X server nxagent. Try to run with --hostdisplay --gpu instead.
  • Maybe some OpenGL dependencies are missing. Try
    RUN apt-get install -y mesa-utils mesa-utils-extra in Dockerfile.
  • failed to map segment from shared object could point to some shared memory issue. Try with --hostipc to allow shared memory.

@jcalfee
Author

jcalfee commented May 8, 2018

The host OS is Ubuntu 18.04 LTS .. Release: 18.04

A low ulimit -v (virtual memory) can cause this exact error worded:

"failed to map segment from shared object"

The virtual memory limit on the host and during the docker build is "unlimited"..

Maybe docker needs an extra parameter to increase its memory limit. There are several docker run parameters that might do this.. --shm-size nG for example .. Is there a good way to test these out?

@mviereck
Owner

mviereck commented May 8, 2018

> --shm-size nG for example .. Is there a good way to test these out?

You can add docker run options in "" after --. Example:

x11docker --verbose -- "--shm-size 1G" brave

Did you test the following?

  • Maybe it is related to X server nxagent. Try to run with --hostdisplay --gpu instead.
  • Maybe some OpenGL dependencies are missing. Try
    RUN apt-get install -y mesa-utils mesa-utils-extra in Dockerfile.
  • Try with --hostipc to allow shared memory.

Comparing with a chromium image could give some hints, too:

FROM debian:stretch-slim
RUN apt-get update
RUN apt-get install -y --no-install-recommends chromium ca-certificates
CMD ["chromium", "--no-sandbox"]

@jcalfee
Author

jcalfee commented May 8, 2018

Sorry, forgot to mention .. I did try all those options and with the new libraries.. In every case the same error shows up.. I see the memory flag got passed to docker run but that did not help.

This might be related: docker/compose#1339

I don't see any updates for docker.io in the bonic repo yet..

@mviereck
Owner

mviereck commented May 8, 2018

> This might be related: docker/compose#1339

It seems that this bug happens on host, not in container.

> I don't see any updates for docker.io in the bonic repo yet..

Is bonic the tag name for ubuntu 18.04? What does docker --version show? I get Docker version 18.03.1-ce, build 9ee9f40

> Comparing with a chromium image could give some hints, too

Did you try the chromium example?

I give some hints for troubleshooting here: https://github.com/mviereck/x11docker#troubleshooting
Try this barely isolated setup:

x11docker --verbose --hostipc --hostnet --cap-default --sys-admin brave

If it runs, reduce the options from last to first until only one is left.


I did a test build with debian 9 as base image, runs with same messages here:

FROM debian:stretch
RUN apt-get update && apt-get install -y curl apt-transport-https gnupg
RUN curl https://s3-us-west-2.amazonaws.com/brave-apt/keys.asc | apt-key add -
RUN echo "deb https://s3-us-west-2.amazonaws.com/brave-apt stretch main" > /etc/apt/sources.list.d/brave-stretch.list
RUN apt-get update && apt-get install -y brave libasound2
RUN apt-get install -y mesa-utils mesa-utils-extra
CMD ["brave", "--no-sandbox"]

@mviereck
Owner

mviereck commented May 8, 2018

Maybe I found the issue:

I noticed your docker command in logfile still has option --tmpfs /tmp. Current x11docker release 4.2.0 does not set that in general, but only for some special cases.

The bug report you linked to mentioned something about noexec in /tmp, thus this may be related, although the circumstances are different.

Run x11docker --update and most probably the problem is solved.
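
Added example, not part of the thread or of x11docker: a shell check for the condition suspected above, a `noexec` mount covering `/tmp` (Docker's `--tmpfs` mounts are `noexec` unless `exec` is requested), which makes loading a shared object unpacked there fail with "failed to map segment from shared object". The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example (not x11docker code): report whether the
# filesystem holding a path is mounted noexec, from /proc/mounts data.

# Constructed sample in /proc/mounts format, resembling a container
# started with `docker run --tmpfs /tmp` (values are illustrative).
SAMPLE_MOUNTS='overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,relatime,size=65536k 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=65536k 0 0'

# mount_opts PATH [MOUNTS_TEXT]
# Print the options of the mount whose mount point is the longest
# directory prefix of PATH. MOUNTS_TEXT defaults to the live /proc/mounts.
# Mount points containing spaces (escaped as \040) are not handled.
mount_opts() {
  path=$1
  mounts=${2-$(cat /proc/mounts)}
  printf '%s\n' "$mounts" | awk -v p="$path" '
    {
      mp = $2
      # Match the root, an exact hit, or a directory prefix of the path.
      if (mp == "/" || mp == p || index(p, mp "/") == 1) {
        # ">=" lets a later mount on the same point shadow an earlier one.
        if (length(mp) >= best) { best = length(mp); opts = $4 }
      }
    }
    END { print opts }'
}

# is_noexec PATH [MOUNTS_TEXT]: succeed if PATH sits on a noexec mount.
is_noexec() {
  case ",$(mount_opts "$@")," in
    *,noexec,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check the temporary file named in the error message against the sample.
if is_noexec /tmp/.org.chromium.Chromium.TtyGc8 "$SAMPLE_MOUNTS"; then
  echo "/tmp is noexec: shared objects unpacked there cannot be mapped"
fi
```

Inside a running container, call `is_noexec /tmp` with no second argument to test the live mount table.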

@jcalfee
Author

jcalfee commented May 10, 2018

The update works .. thank you ..

For the record

docker --version
Docker version 17.12.1-ce, build 7390fc6

jcalfee closed this as completed May 10, 2018
mviereck added a commit that referenced this issue May 10, 2018
## Added
 - Forward `stdin` of x11docker to container command with a named pipe/fifo.
## Changed
 - `x11docker-gui`: Use stdin for kaptain grammar transmission. Don't use cache.
 - `--dbus-system`: Don't create `--tmpf /tmp --tmpfs /run --tmpfs /var/run --tmpfs /run/lock`.
   [(#43)](#43)
 - Some internal improvements for faster startup and shutdown.
### Fixed
 - `x11docker-gui`: fixed x11docker startup failure due to changed stdout output.
@mviereck
Owner

> The update works .. thank you ..

Great!

I've just published 4.2.1 release. It allows you to run brave with dbus system daemon in container. You will get fewer error messages:

x11docker --dbus-system brave

@Viking8

Viking8 commented Apr 23, 2021

Hi mviereck,

This is the first time I've done anything with docker and I interestingly chose brave browser as my first project! I learned a lot from this issue with jcalfee, but wanted to know if you knew why --no-sandbox is needed to actually get brave to work? I get a message in brave just below the URL line that says.... "You are using an unsupported command-line flag: --no-sandbox. Stability and security will suffer."
After getting my container up and running, (I use --hostdisplay --gpu. Those have been the best options for me) I noticed that the container had been deleted. I read in the help that x11docker always runs a fresh container from image and discards it afterwards, But I was wondering if there is a way to keep a container, so I don't lose changes made to brave if the host PC needs to be rebooted or it crashes. ( Like adding bookmarks, installing extensions and changing settings.) Thanks for x11docker and your help!

EDIT: 4/23/2021 @ 1:07am - So I tried renaming the container while it was running. It worked and when I stopped it wasn't deleted, but I'm not sure how to get it started again. Any help would be great!

Clayton

@mviereck
Owner

> wanted to know if you knew why --no-sandbox is needed to actually get brave to work?

brave is based on chromium. chromium has some sort of sandboxing for each tab (I don't know the details). This sort of sandboxing needs advanced privileges that are disabled in docker containers by default.
There are two ways to solve this:

  • either disable sandboxing with --no-sandbox
  • or allow advanced privilege SYS_ADMIN that basically breaks container isolation and allows malicious applications to damage the host.

> my containers are gone with everything I've done within the browser. (Adding bookmarks or changing settings etc.) How do have the container remain after stopping it, so it can just be started again?

x11docker always drops used containers and starts fresh ones from the image.
To preserve settings, use option --home. Compare x11docker --help.

> Other than those issues, it's running great! Thanks for x11docker and your help!

Thank you :-)

@Viking8

Viking8 commented Apr 23, 2021

> x11docker always drops used containers and starts fresh ones from the image.
> To preserve settings, use option --home. Compare x11docker --help.

--home worked great for one instance. As soon as I started another, the brave profile was locked, so I won't be able to have multiple instances with separate profiles unless I build multiple images, but that shouldn't be a big deal.

Thanks again!

Clayton

@mviereck
Owner

> --home worked great for one instance. As soon as I started another, the brave profile was locked

You can specify a different storage dir with --home=PATH.
