Bhaumin
Bhaumin3mo ago

`Deno run` command with permission flags not working inside container

I'm encountering an issue with running a Deno script inside a container (deno and chromium installed). When I execute the following command with specific permission flags: deno run --allow-read--allow-env --allow-write --allow-run="/usr/bin/chromium" --allow-net /test/index.ts it results in a timeout error. I've tried using -A (which grants all permissions) but it leads to the same error. However, when I run the command without any flags: deno run /test/index.ts Deno prompts me for permissions, and after granting them (by typing A), the script executes successfully. Why does the script work when granting permissions manually but fail when using the corresponding flags? What could be causing this discrepancy?
11 Replies
BrunoBernardino
BrunoBernardino3mo ago
Can you give more details as to what does the Dockerfile look like, for example, so we can try to replicate? Also which deno version you're using. I remember the denoland/deno:alpine requiring --allow-all or -A in CMD in order to work, but it doesn't seem like it's the same issue you're experiencing.
Bhaumin
BhauminOP3mo ago
https://github.com/StaytunedLLP/dagger-puppeteer here is a link to repo.. we are trying with dagger. we have taken chromium as base image, installed latest deno on top of it and tried to run index file by passing all flags @marvinh. can you please help here
marvinh.
marvinh.3mo ago
@Bhaumin I don't see any dockerfiles in the linked repo. Running the puppeter script locally with Deno 2.0.2 works as expected: 
deno run -A index.ts
Launching Puppeteer...
Warning: Not implemented: ClientRequest.options.createConnection
Screenshot saved to example.png
deno run -A index.ts
Launching Puppeteer...
Warning: Not implemented: ClientRequest.options.createConnection
Screenshot saved to example.png
Bhaumin
BhauminOP3mo ago
yes locally it is working..we are using dagger to create a container and run puppeteer and deno inside it.. there is no dockerfile for this. we have taken linuxserver/chromium:latest as base image. you can see that code inside example/src/index.ts file
marvinh.
marvinh.3mo ago
How do I run that code? I'm not familiar with dagger.
Bhaumin
BhauminOP2mo ago
ok will provide dockerfile for this so you can run that and check I have added dockerfile. Follow below steps to reproduce the issue 1. From repository root folder, Run docker build -t deno-puppeteer . 2. Run docker run -it deno-puppeteer 3. Open interactive terminal of docker. 4. Run /config/.deno/bin/deno run --allow-read --allow-env --allow-write --allow-run --allow-net --allow-sys index.ts . It will throw an error of timeout. 5. If you run /config/.deno/bin/deno run index.ts and provide all permission then it will work.
BrunoBernardino
BrunoBernardino2mo ago
Maybe you're missing a specific permission like --allow-ffi? When you do the interactive version, instead of A to allow all, can you check one by one what's being requested? Oh, you mentioned even with --allow-all it didn't work.
Bhaumin
BhauminOP2mo ago
yes we tried with both permissions but not working have you check with dockerfile? and suggestion for deno command? @marvinh. can you please help here to solve this?
marvinh.
marvinh.2mo ago
I'm not able to reproduce the described problem. Both commands work without erroring for me
No description
Bhaumin
BhauminOP2mo ago
are you trying inside container?
marvinh.
marvinh.2mo ago
yes