From af20d2704f06a4240a3c5e89363083aa82861189 Mon Sep 17 00:00:00 2001
From: Andrey Lushnikov <aslushnikov@gmail.com>
Date: Tue, 21 Jul 2020 13:21:42 -0700
Subject: [PATCH] fix: auto-add `--no-sandbox` when running Chromium under root
 (#3064)

References #2745
---
 src/server/browserType.ts |  3 ++-
 src/server/chromium.ts    | 20 +++++++++++++++++---
 src/server/firefox.ts     |  4 ++++
 src/server/webkit.ts      |  4 ++++
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/server/browserType.ts b/src/server/browserType.ts
index b5bfe9d5e3..29443d556a 100644
--- a/src/server/browserType.ts
+++ b/src/server/browserType.ts
@@ -200,7 +200,7 @@ export abstract class BrowserTypeBase implements BrowserType {
     let browserServer: BrowserServer | undefined = undefined;
     const { launchedProcess, gracefullyClose, kill } = await launchProcess({
       executablePath: executable,
-      args: browserArguments,
+      args: this._amendArguments(browserArguments),
       env: this._amendEnvironment(env, userDataDir, executable, browserArguments),
       handleSIGINT,
       handleSIGTERM,
@@ -239,6 +239,7 @@ export abstract class BrowserTypeBase implements BrowserType {
   abstract _connectToTransport(transport: ConnectionTransport, options: BrowserOptions): Promise<BrowserBase>;
   abstract _startWebSocketServer(transport: ConnectionTransport, logger: Logger, port: number): WebSocketServer;
   abstract _amendEnvironment(env: Env, userDataDir: string, executable: string, browserArguments: string[]): Env;
+  abstract _amendArguments(browserArguments: string[]): string[];
   abstract _attemptToGracefullyCloseBrowser(transport: ConnectionTransport): void;
 }
 
diff --git a/src/server/chromium.ts b/src/server/chromium.ts
index a2b6279605..092c010de6 100644
--- a/src/server/chromium.ts
+++ b/src/server/chromium.ts
@@ -16,7 +16,8 @@
  */
 
 import * as path from 'path';
-import { assert, getFromENV, logPolitely, helper } from '../helper';
+import * as os from 'os';
+import { getFromENV, logPolitely, helper } from '../helper';
 import { CRBrowser } from '../chromium/crBrowser';
 import * as ws from 'ws';
 import { Env } from './processLauncher';
@@ -63,11 +64,24 @@ export class Chromium extends BrowserTypeBase {
   }
 
   _amendEnvironment(env: Env, userDataDir: string, executable: string, browserArguments: string[]): Env {
-    const runningAsRoot = process.geteuid && process.geteuid() === 0;
-    assert(!runningAsRoot || browserArguments.includes('--no-sandbox'), 'Cannot launch Chromium as root without --no-sandbox. See https://crbug.com/638180.');
     return env;
   }
 
+  _amendArguments(browserArguments: string[]): string[] {
+    // We currently only support Linux.
+    if (os.platform() !== 'linux')
+      return browserArguments;
+    // If there's already --no-sandbox passed in, do nothing.
+    if (browserArguments.indexOf('--no-sandbox') !== -1)
+      return browserArguments;
+    const runningAsRoot = process.geteuid && process.geteuid() === 0;
+    if (runningAsRoot) {
+      console.warn('WARNING: Playwright is being run under "root" user - disabling Chromium sandbox! Run under regular user to get rid of this warning.');
+      return ['--no-sandbox', ...browserArguments];
+    }
+    return browserArguments;
+  }
+
   _attemptToGracefullyCloseBrowser(transport: ConnectionTransport): void {
     const message: ProtocolRequest = { method: 'Browser.close', id: kBrowserCloseMessageId, params: {} };
     transport.send(message);
diff --git a/src/server/firefox.ts b/src/server/firefox.ts
index bfb593c335..a57ef3106c 100644
--- a/src/server/firefox.ts
+++ b/src/server/firefox.ts
@@ -47,6 +47,10 @@ export class Firefox extends BrowserTypeBase {
     } : env;
   }
 
+  _amendArguments(browserArguments: string[]): string[] {
+    return browserArguments;
+  }
+
   _attemptToGracefullyCloseBrowser(transport: ConnectionTransport): void {
     const message = { method: 'Browser.close', params: {}, id: kBrowserCloseMessageId };
     transport.send(message);
diff --git a/src/server/webkit.ts b/src/server/webkit.ts
index bcdecbfe54..c537517f0e 100644
--- a/src/server/webkit.ts
+++ b/src/server/webkit.ts
@@ -42,6 +42,10 @@ export class WebKit extends BrowserTypeBase {
     return { ...env, CURL_COOKIE_JAR_PATH: path.join(userDataDir, 'cookiejar.db') };
   }
 
+  _amendArguments(browserArguments: string[]): string[] {
+    return browserArguments;
+  }
+
   _attemptToGracefullyCloseBrowser(transport: ConnectionTransport): void {
     transport.send({method: 'Playwright.close', params: {}, id: kBrowserCloseMessageId});
   }