Skip to content
Latchkey

Puppeteer "Failed to launch the browser process! No usable sandbox!" in CI

Chromium refuses to run its setuid sandbox as root without the right kernel support, and a CI container usually runs as root. The process exits at startup with "No usable sandbox!" unless you disable the sandbox with --no-sandbox.

What this error means

The launch fails with "Failed to launch the browser process!" followed by "No usable sandbox! Update your kernel or see ... Running as root without --no-sandbox is not supported." in a Docker or container job.

Puppeteer
Error: Failed to launch the browser process!
[0708/000000.000000:FATAL:zygote_host_impl_linux.cc(191)] No usable sandbox!
Update your kernel or see https://chromium.googlesource.com/.../suid_sandbox_development.md
Running as root without --no-sandbox is not supported.

Common causes

Running as root in a container

CI containers commonly run as root; Chromium's setuid sandbox then cannot initialize and aborts the process.

The container lacks the namespaces the sandbox needs

Without user-namespace support or the SUID sandbox helper, Chromium has no usable sandbox and refuses to start.

How to fix it

Launch with the no-sandbox args

Disable the sandbox for a trusted CI container that runs as root.

launch options
const browser = await puppeteer.launch({
  args: ['--no-sandbox', '--disable-setuid-sandbox'],
});

Or run the job as a non-root user

If you prefer to keep the sandbox, run the container as a non-root user that can create namespaces.

.github/workflows/ci.yml
container:
  image: node:20
  options: --user 1001

How to prevent it

  • Pass --no-sandbox --disable-setuid-sandbox when the CI container runs as root.
  • Only disable the sandbox for trusted CI, never for untrusted content.
  • Consider running the browser as a non-root user to keep the sandbox on.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →