Harden sandbox browser startup in containers

dcramer · codex · dcramer · commit 32b18f5fbf3e · 2026-02-23T20:41:01.000-08:00
Co-Authored-By: GPT-5 Codex &lt;codex@openai.com&gt;
diff --git a/src/ash/browser/providers/sandbox.py b/src/ash/browser/providers/sandbox.py
@@ -779,13 +779,12 @@ async def _launch_runtime(self) -> _RemoteSandboxRuntime:
                 )
                 break
             port = self._pick_port()
+            flags = " ".join(self._CHROMIUM_RUNTIME_FLAGS)
             launch_cmd = (
                 f"mkdir -p {shlex.quote(base_dir)} && "
+                f"(rm -rf {shlex.quote(base_dir)}/profile/WidevineCdm >/dev/null 2>&1 || true) && "
                 "nohup chromium "
-                "--headless=new "
-                "--no-sandbox "
-                "--disable-dev-shm-usage "
-                "--disable-gpu "
+                f"{flags} "
                 "--remote-debugging-address=127.0.0.1 "
                 f"--remote-debugging-port={port} "
                 f"--user-data-dir={shlex.quote(base_dir)}/profile "
@@ -1040,3 +1039,22 @@ async def _execute_sandbox_command(
     _MAX_LAUNCH_TOTAL_SECONDS = 45.0
     _HTTP_READY_TIMEOUT_SECONDS = 12.0
     _WS_READY_TIMEOUT_SECONDS = 8.0
+    _CHROMIUM_RUNTIME_FLAGS = (
+        "--headless=new",
+        "--no-sandbox",
+        "--disable-setuid-sandbox",
+        "--disable-dev-shm-usage",
+        "--disable-gpu",
+        "--no-first-run",
+        "--no-default-browser-check",
+        "--disable-sync",
+        "--disable-background-networking",
+        "--disable-component-update",
+        "--disable-features=Translate,MediaRouter",
+        "--disable-session-crashed-bubble",
+        "--hide-crash-restore-bubble",
+        "--password-store=basic",
+        "--disable-breakpad",
+        "--disable-crash-reporter",
+        "--metrics-recording-only",
+    )
diff --git a/tests/test_browser_sandbox_provider.py b/tests/test_browser_sandbox_provider.py
@@ -117,6 +117,11 @@ async def test_sandbox_provider_uses_executor_for_full_flow() -> None:
 
     await provider.close_session(provider_session_id="s1")
     assert any("nohup chromium" in cmd for cmd in executor.commands)
+    launch_cmd = next(cmd for cmd in executor.commands if "nohup chromium" in cmd)
+    assert "--disable-component-update" in launch_cmd
+    assert "--disable-background-networking" in launch_cmd
+    assert "--disable-features=Translate,MediaRouter" in launch_cmd
+    assert "rm -rf " in launch_cmd and "/profile/WidevineCdm" in launch_cmd
     assert any("/json/version" in cmd for cmd in executor.commands)
     assert any("kill 12345" in cmd for cmd in executor.commands)
 
