Linux – /bin/bash: Resource temporarily unavailable in Docker when running Chrome

dockergoogle-chromelinux

I have a Docker container running Redhat:

Red Hat Enterprise Linux Server release 6.2 (Santiago)

Host OS is Linux Mint:

Linux Mint 19 Tara

When I run certain commands in it and Chrome is running on the host machine I get:

bash-4.1# su www
su: /bin/bash: Resource temporarily unavailable

When I close Chrome on the host machine the commands work as expected.

My thinking is I'm running into some kind of resource issue but I'm not sure where to look — which resource and is the issue in the OS on the Docker container or the host OS?

I thought it might be open files:

$ lsof | wc -l <-- With Chrome
311424
$ lsof | wc -l <-- Without Chrome
181608

But the max files on the host is set way above the open files with Chrome running:

$ cat /proc/sys/fs/file-max
3264936

Memory doesn't seem to be an issue either:

$ free -g <-- With Chrome
              total        used        free      shared  buff/cache   available
Mem:             31           8           5           2          17          19
Swap:             1           0           1

$ free -g <-- Without Chrome
              total        used        free      shared  buff/cache   available
Mem:             31          11           2           2          17          16
Swap:             1           0           1

Where else should I be looking?

Update

baelx has the correct answer but there's some additional resources that may help other people in the future.

https://blog.dbi-services.com/linux-how-to-monitor-the-nproc-limit-1/

This article has some good information on finding the number of processes each user is running.

$ ps h -Led -o user | sort | uniq -c | sort -n

It's also important to note that the nproc command has nothing to do with the nproc.conf file.

https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf

This article has information on how host user ids map to container user ids. In my case, my user on the host has a user id of 1000. The www user on the host has a user id also of 1000. With Chrome having open 1600+ processes on the host owned by user id 1000 (jbodnar) the container couldn't open another process for user id 1000 (www).

Best Answer

You might be hitting your system's max PID or its ulimit. You can see how many total processes are running with:

ps -eLf | wc -l

If the above result is 32,000, then increase kernel.pid_max to 65,534. Your system will only support this increase if it's a 64-bit system, mind you. You can use the sysctl command to achieve this:

sysctl -w  kernel.pid_max=65534

At this point try to run the su command again. If that's not working then have a look at Chrome's number of running processes:

ps -eLf | grep chrome | wc -l

You could then try to modify Chrome's nproc number within /etc/security/limits.conf - although this might need to be done through /etc/security/limits.d/90-nproc.conf for RHEL 6.

Each file should use the same syntax to describe the amount of open processes. You can try changing Chrome's value from 1024 to 2048(or possibly greater if the issue merrits it). You could also try adjusting this value for all users(denoted by the star):

<user>       -          nproc     2048      <<<----[ Only for "<user>" user ]
  *          -          nproc     2048      <<<----[ For all user's ]

Source

(If you don't have an account there, I'd recommend it since there's lots of good educational and support material there.)

Setting up the docker container

I needed to make my own Docker image, based on the Ubuntu/Chrome/Selenium image that I was already using, to install the pulseaudio package, tweak the entrypoint to launch it, and add some audio files to play back.

dockerfile:

FROM selenium/standalone-chrome-debug

# Install pulse audio
RUN apt-get -qq update && apt-get install -y pulseaudio

# Copy some media files into place
RUN mkdir -p /opt/media
COPY audio1.wav /opt/media/audio1.wav
COPY audio2.wav /opt/media/audio2.wav

# Use custom entrypoint
COPY entrypoint.sh /opt/bin/entrypoint.sh

ENTRYPOINT /opt/bin/entrypoint.sh

Then, I needed a custom entrypoint to start the pulseaudio server and configure a custom audio source, before starting the standard Selenium startup entry point.
There's two virtual devices here so that one can be used for audio playback without that being piped into the virtual microphone.

entrypoint.sh

# Load pulseaudio virtual audio source
pulseaudio -D --exit-idle-time=-1

# Create virtual output device (used for audio playback)
pactl load-module module-null-sink sink_name=DummyOutput sink_properties=device.description="Virtual_Dummy_Output"

# Create virtual microphone output, used to play media into the "microphone"
pactl load-module module-null-sink sink_name=MicOutput sink_properties=device.description="Virtual_Microphone_Output"

# Set the default source device (for future sources) to use the monitor of the virtual microphone output
pacmd set-default-source MicOutput.monitor

# Create a virtual audio source linked up to the virtual microphone output
pacmd load-module module-virtual-source source_name=VirtualMic

# Allow pulse audio to be accssed via TCP (from localhost only), to allow other users to access the virtual devices
pacmd load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1

# Configure the "seluser" user to use the network virtual soundcard
mkdir -p /home/seluser/.pulse
echo "default-server = 127.0.0.1" > /home/seluser/.pulse/client.conf
chown seluser:seluser /home/seluser/.pulse -R


# Start Selenium-Chrome-Standalone
/opt/bin/entry_point.sh

Because I want to use the audio device in a Selenium-controlled instance of Chrome, which is run as the "seluser" user, I needed to expose the virtual soundcard via TCP (for localhost connections only), and then configure the seluser to use that networked soundcard. No additional setup is required. The virtual source is the only audio input device on the Docker image, so Chrome will use it automatically. All that remains is building and running the docker container.

Playing the audio

Once the container is running, I used paplay to send media into the virtual output device, which I named "MicOutput" above. That can be triggered via an exec command:

docker exec -t -i TestContainerName paplay --device=MicOutput /opt/media/audio2.wav

And that's it.

Of course, I also needed to use "--use-fake-ui-for-media-stream" option in the Chrome Capbilities when configuring my Selenium WebDriver, to let Selenium use the device without asking, but had to make sure not to use the "--use-fake-device-for-media-stream" option, as that would replace the fake input device with Chrome's built-in one.

Thanks to spacepickle's answer to this question for putting me on the right track, and Eli Billauer's post on using Pulse audio for multiple users

Update

Best Answer

Source

Related Solutions

Linux – Emulating microphone input to Chrome inside Docker container

Setting up the docker container

Playing the audio

Related Question