Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mdouchement/zoom-us:latest won't start, as of 5.10.3.2778 #48

Open
olberger opened this issue Apr 25, 2022 · 7 comments
Open

mdouchement/zoom-us:latest won't start, as of 5.10.3.2778 #48

olberger opened this issue Apr 25, 2022 · 7 comments

Comments

@olberger
Copy link

olberger commented Apr 25, 2022

I tried to launch it today, from an image downloaded with docker pull mdouchement/zoom-us:latest, and nothing happens.

Inside the container (docker run -it mdouchement/zoom-us:latest /bin/bash),

# cat /opt/zoom/version.txt
5.10.3.2778

Dunno what's wrong, but may attempt to debug a bit

@olberger
Copy link
Author

$HOME/zoomus/.zoom/logs/zoom_stdout_stderr.log exhibits:

ZoomLauncher started.
Zoom path is: /opt/zoom
cmd line: 
Start subprocess: /opt/zoom/zoom sucessfully,  process pid: 49 
No PulseAudio daemon running, or not running as session daemon.
                             Class      App      Lib Possible Culprit Flags
                resip::Connection      648      648 
                      resip::Data       36       36 
                 resip::DnsResult     1080     1080 
                   resip::Headers        1        1 
          resip::MsgHeaderScanner       40       40 
                resip::SipMessage     5208     5208 
         resip::TransportSelector      864      864 
                     resip::Tuple      128      128 
              resip::UdpTransport     1144     1144 
          resip::GenericIPAddress       28       28 

zoom started.
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
zoom was exited due to a handled signal: 5 
ZoomLauncher exit.

@olberger
Copy link
Author

It seems that running with --privileged would do... but I'm afraid of the consequences...

@mdouchement
Copy link
Owner

It gives root access to the container.
I think that Zoom has change some network access.

You may have some input from jessfraz/dockerfiles#350

@winterdeaf
Copy link

It appears that zoom is now spawning a chrome-sandbox (/opt/zoom/cef/chrome-sandbox).
Therefore the same problems of dockerizing chrome apply (see jessfraz/dockerfiles#341).

Passing --security-opt seccomp=unconfined to docker or using this seccomp profile (which is essentially this one + statx) will fix the problem.

diff --git a/scripts/zoom-us-wrapper b/scripts/zoom-us-wrapper
index 8642b45..338365b 100755
--- a/scripts/zoom-us-wrapper
+++ b/scripts/zoom-us-wrapper
@@ -117,6 +117,7 @@ prepare_docker_device_parameters

 echo "Starting ${prog}..."
 ${SUDO} docker run -d \
+  --security-opt seccomp=./docker.json \
   ${ENV_VARS} \
   ${VIDEO_DEVICES} \
   --device /dev/dri \

@olberger
Copy link
Author

olberger commented May 23, 2022

Hmmm... One main interest of Dockerizing Zoom (for me at least) is to sandbox it from doing nasty thing on the user's machine... how's this affecting the effectiveness of this sandboxing ?

@clst
Copy link

clst commented Jan 24, 2023

I tried a lot with commandline parameters and QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox" (also in /sbin/entrypoint.sh but was not successful.
The commandline parameter --disable-seccomp-filter-sandbox works for teams but not for zoom.

So the seccomp profile @winterdeaf suggested is currently the best option. :(

EDIT: weirdly the latest image still doesn't run. But using 9e0dfd3cf61d and installing the latest zoom.deb does. I guess something breaks xcb in the latest one:

qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

@EvTheFuture
Copy link

When adding --env=QT_DEBUG_PLUGINS=1 to the docker command line when launching zoom, I get this extra information:

Cannot load library /opt/zoom/Qt/plugins/platforms/libqxcb.so: (libxcb-icccm.so.4: cannot open shared object file: No such file or directory)
QLibraryPrivate::loadPlugin failed on "/opt/zoom/Qt/plugins/platforms/libqxcb.so" : "Cannot load library /opt/zoom/Qt/plugins/platforms/libqxcb.so: (libxcb-icccm.so.4: cannot open shared object file: No such file or directory)"
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

No PulseAudio daemon running, or not running as session daemon.
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
zoom was exited due to a handled signal: 6 
ZoomLauncher exit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants