Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: ActiveDoc initialization failed #177

Closed
Vladimir-Va opened this issue Apr 5, 2022 · 14 comments
Closed

Error: ActiveDoc initialization failed #177

Vladimir-Va opened this issue Apr 5, 2022 · 14 comments

Comments

@Vladimir-Va
Copy link
Contributor

Hello i resetup new gristlabs/grist:v0.7.7
Log:

2022-04-05 08:57:34.776 - info: Client onMessage '{"reqId":2,"method":"applyUserActions","args":[0,[["AddRecord","Table1",null,{"A... (95 length)' email=my@email@com, userId=5, age=0, org=MyOrg, clientId=ff5ea57c1174ee0a, counter=3
2022-04-05 08:57:34.778 - debug: activeDocMethod access=owners, userId=5, email=my@email@com, age=0, org=MyOrg, clientId=ff5ea57c1174ee0a, counter=3, docId=jJfa3ci5Ey9QpYkfKY5dvw, docMethod=applyUserActions
2022-04-05 08:57:34.780 - warn: Client Error Error: ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed
    at ActiveDoc.<anonymous> (/_build/app/server/lib/ActiveDoc.js:1653:31)
    at Generator.throw (<anonymous>)
    at rejected (/_build/app/server/lib/ActiveDoc.js:20:65)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)  email=my@email@com, userId=5, age=0, org=MyOrg, clientId=ff5ea57c1174ee0a, counter=3
2022-04-05 08:57:34.781 - warn: Client responding to #2 ERROR ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed email=my@email@com, userId=5, age=0, org=MyOrg, clientId=ff5ea57c1174ee0a, counter=3
2022-04-05 08:57:34.822 - debug: Auth[POST]: id 5 email my@email@com host my.grist.app path /log org MyOrg
2022-04-05 08:57:34.825 - warn: client error stack=Error: ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed
    at u._onServerMessage (https://my.grist.app/v/unknown/main.bundle.js:113:741654)
    at v (https://my.grist.app/v/unknown/main.bundle.js:6:187255)
    at g (https://my.grist.app/v/unknown/main.bundle.js:6:187047)
    at d (https://my.grist.app/v/unknown/main.bundle.js:6:185000)
    at m.c.trigger (https://my.grist.app/v/unknown/main.bundle.js:6:186940)
    at m.onmessage (https://my.grist.app/v/unknown/main.bundle.js:113:777260), message=ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed, page=https://my.grist.app/jJfa3ci5Ey9Q/Untitled-document, language=ru-RU, platform=Win32, userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36, org=MyOrg, email=my@email@com, userId=5

.Env:

# gristlabs/grist:v0.7.7
GRIST_ORG_IN_PATH=true
GRIST_HOST=0.0.0.0
GRIST_SINGLE_PORT=true
GRIST_SERVE_SAME_ORIGIN=true
GRIST_DATA_DIR=/myorg
GRIST_INST_DIR=/persist
GRIST_SESSION_COOKIE=MyOrg
TYPEORM_DATABASE=/persist/home.sqlite3
GRIST_DEFAULT_EMAIL=my@email@com
GRIST_SINGLE_ORG=MyOrg
GRIST_ADAPT_DOMAIN=false
APP_HOME_URL=https://my.grist.app
APP_DOC_URL=https://my.grist.app
APP_DOC_INTERNAL_URL=https://my.grist.app
GRIST_SAML_SP_HOST=https://my.grist.app
GRIST_SAML_IDP_LOGIN=https://authentik.app/application/saml/my-grist-app/sso/binding/redirect/
GRIST_SAML_IDP_LOGOUT=https://authentik.app/if/session-end/my-grist-app/
GRIST_SAML_IDP_CERTS=persist/my.grist.app_certificate.pem
GRIST_SAML_IDP_UNENCRYPTED=1
GRIST_SAML_SP_KEY=persist/my.grist.app_private_key.pem
GRIST_SAML_SP_CERT=persist/my.grist.app_certificate.pem

And maybe is bcs GRIST_SANDBOX=gvisor?
@paulfitz
Copy link
Member

paulfitz commented Apr 5, 2022
edited

Thanks for reporting this!

We did change sandboxing in v0.7.7 to turn on by default. You can get the old behavior back by setting GRIST_SANDBOX_FLAVOR=unsandboxed. [edit: typo corrected from GRIST_SANDBOX]

I'd be very interested in what is causing this failure. If you still have the error log, is there any chance you could look for an earlier failure? The log pasted just shows a record of the message passed to the client, not the original problem.

Are you running Grist within a docker container?

@Vladimir-Va
Copy link
Contributor Author

Vladimir-Va commented Apr 5, 2022
edited

Thank you @paulfitz and you team for Grist!
I've been struggling with v0.7.7 for days now. The container has already been rebuilt 10 times since the report.
The steps are:

  1. authentication
  2. Create new doc
  3. Try add some info in cell
  4. Error: ActiveDoc initialization failed
  5. The cell remains empty

Hope I can run
In GRIST_ORG_IN_PATH=true
mode
without
GRIST_SINGLE_ORG=MyOrg
Is impossible now?
Or I need delete (I've seen this advice in previous posts)
APP_HOME_URL=https://my.grist.app
APP_DOC_URL=https://my.grist.app
and set
GRIST_SANDBOX=unsandboxed
?

@paulfitz
Copy link
Member

paulfitz commented Apr 5, 2022
edited

The ActiveDoc initialization failed error you posted is likely a sandbox error, in which case I would expect GRIST_SANDBOX_FLAVOR=unsandboxed [edit: fixed typo] to resolve it. I'd still be interested in the root cause of the error, which I'd guess would be some nuance in the permissions under which the container is running (but I could be wrong). But I understand it can be hard to navigate the logs.

The GRIST_ORG_IN_PATH/GRIST_SINGLE_ORG question feels like something separate to the ActiveDoc initialization failed problem? It should be doable.

@paulfitz
Copy link
Member

paulfitz commented Apr 5, 2022

@Vladimir-Va I looked at GRIST_ORG_IN_PATH and I see a problem, sorry about that. Will work on a fix.

@Vladimir-Va
Copy link
Contributor Author

I try to reproduce:
part 1. But another result Not Found (next part 2)
https://authentik.app/application/saml/my-grist-app/sso/binding/redirect/?SAMLRequest=VERYLONGHASH
BCS slug my-grist-app must be myorg-grist-app

+++ dirname -- ./sandbox/gvisor/update_engine_checkpoint.sh
++ cd -- ./sandbox/gvisor
++ pwd
+ SCRIPT_DIR=/sandbox/gvisor
+ export NODE_PATH=_build:_build/core:_build/stubs
+ NODE_PATH=_build:_build/core:_build/stubs
+ source /sandbox/gvisor/get_checkpoint_path.sh
++ check_gvisor --unprivileged --ignore-cgroups
++ [[ -n -unprivileged -ignore-cgroups ]]
�
n
++ check_gvisor --unprivileged
++ [[ -n -unprivileged -ignore-cgroups ]]
�
n
++ [[ -z -unprivileged -ignore-cgroups ]]
+++ echo /
+++ sed 's/[^a-zA-Z0-9]/_/g'
++ export GRIST_CHECKPOINT=/tmp/engine__
++ GRIST_CHECKPOINT=/tmp/engine__
+ [[ -z GRIST_CHECKPOINT ]]
+ export GRIST_CHECKPOINT_MAKE=1
+ GRIST_CHECKPOINT_MAKE=1
+ export GRIST_SANDBOX_FLAVOR=gvisor
+ GRIST_SANDBOX_FLAVOR=gvisor
+ export PYTHON_VERSION=3
+ PYTHON_VERSION=3
++ test -e _build/core
++ echo _build
+ BUILD=_build
+ node _build/app/server/generateCheckpoint.js
2022-04-05 19:46:18.650 - debug: 3-pipe Sandbox started sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.240 - info: Sandbox stderr: Ready message: running container: creating container: waiting for sandbox to start: EOF sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.289 - info: Sandbox stderr: loading container: file does not exist sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.299 - info: Sandbox stderr: Traceback (most recent call last): sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.300 - info: Sandbox stderr:   File "//sandbox/gvisor/run.py", line 263, in <module> sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.302 - info: Sandbox stderr:     raise Exception('gvisor runsc checkpointing problem: ' + json.dumps(command)) sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.303 - info: Sandbox stderr: Exception: gvisor runsc checkpointing problem: ["runsc", "-root", "/tmp/runsc", "-unprivileged", "-ignore-cgroups", "-network", "none", "checkpoint", "--image-path=/tmp/engine__", "_tmp_tmpjwbl8wp7"] sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.343 - debug: Sandbox exited with code 1 signal null sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
yarn run v1.22.17
$ NODE_PATH=_build:_build/stubs node _build/stubs/app/server/server.js
Welcome to Grist.
2022-04-05 19:46:51.231 - info: == Grist version is 0.1.1 (commit unknown)
2022-04-05 19:46:51.255 - info: Loading empty config because /persist/config.json missing
2022-04-05 19:46:51.303 - info: SamlConfig set with host https://myorg.grist.app, IdP https://authentik.app/application/saml/my-grist-app/sso/binding/redirect/
2022-04-05 19:46:51.360 - warn: did not find an appropriately named example workspace in deployment
2022-04-05 19:46:51.370 - info: No plugins directory: ENOENT: no such file or directory, scandir '/.grist/plugins'
2022-04-05 19:46:51.413 - info: Found 1 valid plugins on the system
2022-04-05 19:46:51.414 - debug: PLUGIN builtIn/core -- /plugins/core
2022-04-05 19:46:51.500 - info: Server timeouts: keepAliveTimeout 305000 headersTimeout 306000
2022-04-05 19:46:51.572 - info: server(home,docs,static) available at 0.0.0.0:8484
2022-04-05 19:46:51.611 - warn: Failed to create GoogleAuth endpoint: GOOGLE_CLIENT_SECRET is not defined
2022-04-05 19:46:51.646 - info: == appRoot: /
2022-04-05 19:46:51.646 - info: == docsRoot: /myorg
2022-04-05 19:46:51.647 - info: == defaultBaseDomain: .grist.app
2022-04-05 19:46:51.647 - info: == pluginUrl: undefined
2022-04-05 19:46:51.648 - info: == instanceRoot: /persist
2022-04-05 19:46:51.649 - info: == tag: unknown
2022-04-05 19:46:51.649 - info: == database: sqlite:///persist/home.sqlite3
2022-04-05 19:46:51.650 - info: == userRoot: /.grist
2022-04-05 19:46:51.651 - info: == loginMiddlewareComment: saml
2022-04-05 19:46:51.651 - info: == s3: disabled
2022-04-05 19:46:51.652 - info: == docWorkerId: testDocWorkerId_8484
2022-04-05 19:46:51.678 - info: activity docCount=0, orgCount=1, orgInGoodStandingCount=1, userCount=5, userWithLoginCount=5
##### I Stop and restart container
2022-04-05 19:46:20.289 - info: Sandbox stderr: loading container: file does not exist sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.299 - info: Sandbox stderr: Traceback (most recent call last): sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.300 - info: Sandbox stderr:   File "//sandbox/gvisor/run.py", line 263, in <module> sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.302 - info: Sandbox stderr:     raise Exception('gvisor runsc checkpointing problem: ' + json.dumps(command)) sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.303 - info: Sandbox stderr: Exception: gvisor runsc checkpointing problem: ["runsc", "-root", "/tmp/runsc", "-unprivileged", "-ignore-cgroups", "-network", "none", "checkpoint", "--image-path=/tmp/engine__", "_tmp_tmpjwbl8wp7"] sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
2022-04-05 19:46:20.343 - debug: Sandbox exited with code 1 signal null sandboxPid=24, flavor=gvisor, command=undefined, entryPoint=(default)
yarn run v1.22.17
$ NODE_PATH=_build:_build/stubs node _build/stubs/app/server/server.js
Welcome to Grist.
2022-04-05 19:46:51.231 - info: == Grist version is 0.1.1 (commit unknown)
2022-04-05 19:46:51.255 - info: Loading empty config because /persist/config.json missing
2022-04-05 19:46:51.303 - info: SamlConfig set with host https://myorg.grist.app, IdP https://authentik.app/application/saml/my-grist-app/sso/binding/redirect/
2022-04-05 19:46:51.360 - warn: did not find an appropriately named example workspace in deployment
2022-04-05 19:46:51.370 - info: No plugins directory: ENOENT: no such file or directory, scandir '/.grist/plugins'
2022-04-05 19:46:51.413 - info: Found 1 valid plugins on the system
2022-04-05 19:46:51.414 - debug: PLUGIN builtIn/core -- /plugins/core
2022-04-05 19:46:51.500 - info: Server timeouts: keepAliveTimeout 305000 headersTimeout 306000
2022-04-05 19:46:51.572 - info: server(home,docs,static) available at 0.0.0.0:8484
2022-04-05 19:46:51.611 - warn: Failed to create GoogleAuth endpoint: GOOGLE_CLIENT_SECRET is not defined
2022-04-05 19:46:51.646 - info: == appRoot: /
2022-04-05 19:46:51.646 - info: == docsRoot: /myorg
2022-04-05 19:46:51.647 - info: == defaultBaseDomain: .grist.app
2022-04-05 19:46:51.647 - info: == pluginUrl: undefined
2022-04-05 19:46:51.648 - info: == instanceRoot: /persist
2022-04-05 19:46:51.649 - info: == tag: unknown
2022-04-05 19:46:51.649 - info: == database: sqlite:///persist/home.sqlite3
2022-04-05 19:46:51.650 - info: == userRoot: /.grist
2022-04-05 19:46:51.651 - info: == loginMiddlewareComment: saml
2022-04-05 19:46:51.651 - info: == s3: disabled
2022-04-05 19:46:51.652 - info: == docWorkerId: testDocWorkerId_8484
2022-04-05 19:46:51.678 - info: activity docCount=0, orgCount=1, orgInGoodStandingCount=1, userCount=5, userWithLoginCount=5
2022-04-05 19:47:32.855 myorg.grist.app POST /saml/assert 400 193.587 ms - 717
2022-04-05 19:47:32.983 myorg.grist.app GET /v/unknown/errorPages.bundle.js 304 13.020 ms - -
2022-04-05 19:47:32.997 myorg.grist.app GET /v/unknown/icons/icons.css 304 22.015 ms - -
2022-04-05 19:47:33.368 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/active org myorg
2022-04-05 19:47:33.388 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/all org myorg
2022-04-05 19:47:33.454 myorg.grist.app GET /v/unknown/icons/favicon.png 304 92.726 ms - -
2022-04-05 19:47:33.663 myorg.grist.app GET /o/myorg/api/session/access/all 304 166.983 ms - -
2022-04-05 19:47:33.737 myorg.grist.app GET /o/myorg/api/session/access/active 304 219.745 ms - -
2022-04-05 19:47:36.515 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:47:36.612 - debug: Authorizer: redirecting to sign up
2022-04-05 19:47:36.887 myorg.grist.app GET / 302 375.626 ms - 3098
2022-04-05 19:47:40.204 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:47:40.258 - debug: Authorizer: redirecting to sign up
2022-04-05 19:47:40.408 myorg.grist.app GET / 302 190.068 ms - 3026
2022-04-05 19:47:46.444 myorg.grist.app GET /signin?next=%2Fsaml%2Fassert 302 226.604 ms - 3090
2022-04-05 19:47:53.171 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:47:53.247 - debug: Authorizer: redirecting to sign up
2022-04-05 19:47:53.364 myorg.grist.app GET / 302 181.141 ms - 3046
2022-04-05 19:48:03.083 myorg.grist.app POST /saml/assert 400 29.063 ms - 717
2022-04-05 19:48:03.206 myorg.grist.app GET /v/unknown/icons/icons.css 200 28.499 ms - 165797
2022-04-05 19:48:03.862 myorg.grist.app GET /v/unknown/errorPages.bundle.js 200 61.068 ms - 3256619
2022-04-05 19:48:04.316 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/active org myorg
2022-04-05 19:48:04.331 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/all org myorg
2022-04-05 19:48:04.482 myorg.grist.app GET /o/myorg/api/session/access/all 200 177.739 ms - 109
2022-04-05 19:48:04.486 myorg.grist.app GET /v/unknown/icons/favicon.png 200 173.265 ms - 15365
2022-04-05 19:48:04.499 myorg.grist.app GET /o/myorg/api/session/access/active 200 190.526 ms - 157
2022-04-05 19:48:04.526 myorg.grist.app GET /v/unknown/icons/favicon.png 200 4.877 ms - 15365
2022-04-05 19:48:10.117 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:48:10.167 - debug: Authorizer: redirecting to sign up
2022-04-05 19:48:10.294 myorg.grist.app GET / 302 161.650 ms - 3054
2022-04-05 19:48:13.496 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:48:13.552 - debug: Authorizer: redirecting to sign up
2022-04-05 19:48:13.667 myorg.grist.app GET / 302 166.618 ms - 3038
2022-04-05 19:48:17.335 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:48:17.379 - debug: Authorizer: redirecting to sign up
2022-04-05 19:48:17.509 myorg.grist.app GET / 302 163.693 ms - 3050
2022-04-05 19:48:21.865 myorg.grist.app GET /signin?next=%2Fsaml%2Fassert 302 101.909 ms - 3050
2022-04-05 19:49:21.581 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:49:21.626 - debug: Authorizer: redirecting to sign up
2022-04-05 19:49:21.754 myorg.grist.app GET / 302 166.462 ms - 3054
2022-04-05 19:49:33.982 myorg.grist.app POST /saml/assert 400 11.150 ms - 717
2022-04-05 19:49:34.070 myorg.grist.app GET /v/unknown/icons/icons.css 304 4.262 ms - -
2022-04-05 19:49:34.073 myorg.grist.app GET /v/unknown/errorPages.bundle.js 304 4.792 ms - -
2022-04-05 19:49:34.440 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/all org myorg
2022-04-05 19:49:34.493 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/active org myorg
2022-04-05 19:49:34.510 myorg.grist.app GET /v/unknown/icons/favicon.png 304 8.344 ms - -
2022-04-05 19:49:34.516 myorg.grist.app GET /o/myorg/api/session/access/all 304 82.485 ms - -
2022-04-05 19:49:34.563 myorg.grist.app GET /o/myorg/api/session/access/active 304 125.572 ms - -
2022-04-05 19:50:04.174 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:50:04.218 - debug: Authorizer: redirecting to sign up
2022-04-05 19:50:04.347 myorg.grist.app GET / 302 149.178 ms - 3050
2022-04-05 19:51:10.606 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:51:10.649 - debug: Authorizer: redirecting to sign up
2022-04-05 19:51:10.923 myorg.grist.app GET / 302 150.007 ms - 1517
2022-04-05 19:51:16.891 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:51:16.966 - debug: Authorizer: redirecting to sign up
2022-04-05 19:51:17.107 myorg.grist.app GET / 302 205.644 ms - 3042
2022-04-05 19:51:32.415 myorg.grist.app GET /signin?next=%2Fsaml%2Fassert 302 101.476 ms - 3074
2022-04-05 19:51:39.637 myorg.grist.app POST /saml/assert 400 9.971 ms - 717
2022-04-05 19:51:39.729 myorg.grist.app GET /v/unknown/icons/icons.css 304 4.199 ms - -
2022-04-05 19:51:39.732 myorg.grist.app GET /v/unknown/errorPages.bundle.js 304 4.876 ms - -
2022-04-05 19:51:40.085 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/active org myorg
2022-04-05 19:51:40.093 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path /session/access/all org myorg
2022-04-05 19:51:40.150 myorg.grist.app GET /v/unknown/icons/favicon.png 304 2.907 ms - -
2022-04-05 19:51:40.223 myorg.grist.app GET /o/myorg/api/session/access/all 304 140.413 ms - -
2022-04-05 19:51:40.240 myorg.grist.app GET /o/myorg/api/session/access/active 304 161.357 ms - -
2022-04-05 19:51:41.999 - debug: Auth[GET]: id 1 email anon@getgrist.com host myorg.grist.app path / org myorg
2022-04-05 19:51:42.042 - debug: Authorizer: redirecting to sign up
2022-04-05 19:51:42.161 myorg.grist.app GET / 302 160.413 ms - 3034

part 2. I change slug

2022-04-05T20:12:44.518417375Z 2022-04-05 20:12:44.517 myorg.grist.app GET /o/myorg/api/templates?onlyFeatured=1 404 129.215 ms - 34
2022-04-05T20:12:44.633684450Z 2022-04-05 20:12:44.633 myorg.grist.app GET /o/myorg/api/orgs/3/workspaces?includeSupport=1 200 260.949 ms - 382
2022-04-05T20:12:44.667980444Z 2022-04-05 20:12:44.667 - debug: Auth[GET]: id 5 email mail@mail.com host myorg.grist.app path /docs/2uG1aEzuv6VjFGj4KRtR5Z org myorg
2022-04-05T20:12:44.776893711Z 2022-04-05 20:12:44.776 myorg.grist.app GET /o/myorg/api/docs/2uG1aEzuv6VjFGj4KRtR5Z 200 104.174 ms - 854
2022-04-05T20:12:44.821030371Z 2022-04-05 20:12:44.820 - debug: Auth[GET]: id 5 email mail@mail.com host myorg.grist.app path /2uG1aEzuv6Vj/Untitled-document org myorg
2022-04-05T20:12:44.931133287Z 2022-04-05 20:12:44.930 myorg.grist.app GET /2uG1aEzuv6Vj/Untitled-document 200 96.212 ms - 4384
2022-04-05T20:12:45.013592860Z 2022-04-05 20:12:45.013 myorg.grist.app GET /v/unknown/hljs.default.css 304 18.600 ms - -
2022-04-05T20:12:45.015725567Z 2022-04-05 20:12:45.015 myorg.grist.app GET /v/unknown/bundle.css 304 18.971 ms - -
2022-04-05T20:12:45.017795029Z 2022-04-05 20:12:45.017 myorg.grist.app GET /v/unknown/icons/icons.css 304 19.196 ms - -
2022-04-05T20:12:45.021781565Z 2022-04-05 20:12:45.021 myorg.grist.app GET /v/unknown/main.bundle.js 304 13.401 ms - -
2022-04-05T20:12:45.023845054Z 2022-04-05 20:12:45.023 myorg.grist.app GET /v/unknown/browser-check.js 304 13.614 ms - -
2022-04-05T20:12:45.026085180Z 2022-04-05 20:12:45.025 myorg.grist.app GET /v/unknown/jqueryui/themes/smoothness/jquery-ui.css 304 36.945 ms - -
2022-04-05T20:12:45.028198154Z 2022-04-05 20:12:45.027 myorg.grist.app GET /v/unknown/bootstrap/dist/css/bootstrap.min.css 304 37.166 ms - -
2022-04-05T20:12:45.055482796Z 2022-04-05 20:12:45.029 myorg.grist.app GET /v/unknown/bootstrap-datepicker/dist/css/bootstrap-datepicker3.min.css 304 37.391 ms - -
2022-04-05T20:12:45.055692032Z 2022-04-05 20:12:45.032 myorg.grist.app GET /v/unknown/jquery/dist/jquery.min.js 304 31.759 ms - -
2022-04-05T20:12:45.055807042Z 2022-04-05 20:12:45.034 myorg.grist.app GET /v/unknown/jqueryui/jquery-ui.min.js 304 31.935 ms - -
2022-04-05T20:12:45.055910970Z 2022-04-05 20:12:45.036 myorg.grist.app GET /v/unknown/bootstrap/dist/js/bootstrap.min.js 304 32.075 ms - -
2022-04-05T20:12:45.056013864Z 2022-04-05 20:12:45.038 myorg.grist.app GET /v/unknown/bootstrap-datepicker/dist/js/bootstrap-datepicker.min.js 304 32.221 ms - -
2022-04-05T20:12:45.078688442Z 2022-04-05 20:12:45.078 myorg.grist.app GET /v/unknown/img/gplaypattern.png 304 1.754 ms - -
2022-04-05T20:12:45.180517034Z 2022-04-05 20:12:45.180 myorg.grist.app GET /v/unknown/icons/favicon.png 304 1.771 ms - -
2022-04-05T20:12:45.182079214Z 2022-04-05 20:12:45.181 - debug: Auth[GET]: id 5 email mail@mail.com host myorg.grist.app path /session/access/active org myorg
2022-04-05T20:12:45.236519947Z 2022-04-05 20:12:45.236 - debug: Auth[GET]: id 5 email mail@mail.com host myorg.grist.app path /session/access/all org myorg
2022-04-05T20:12:45.300547217Z 2022-04-05 20:12:45.300 - debug: Auth[GET]: id 5 email mail@mail.com host myorg.grist.app path /worker/2uG1aEzuv6VjFGj4KRtR5Z org myorg
2022-04-05T20:12:45.310783918Z 2022-04-05 20:12:45.310 myorg.grist.app GET /o/myorg/api/session/access/active 304 128.263 ms - -
2022-04-05T20:12:45.370959429Z 2022-04-05 20:12:45.370 myorg.grist.app GET /o/myorg/api/worker/2uG1aEzuv6VjFGj4KRtR5Z 200 134.692 ms - 55
2022-04-05T20:12:45.372656966Z 2022-04-05 20:12:45.372 myorg.grist.app GET /o/myorg/api/session/access/all 304 143.620 ms - -
2022-04-05T20:12:45.385230248Z 2022-04-05 20:12:45.384 - debug: Auth[GET]: id 5 email mail@mail.com host myorg.grist.app path /docs/2uG1aEzuv6Vj org myorg
2022-04-05T20:12:45.503184968Z 2022-04-05 20:12:45.502 - info: Comm: Got WebSocket connection: /dw/self/v/unknown/o/myorg?clientId=0&counter=1&newClient=1&browserSettings=%7B%22timezone%22%3A%22Some%2FSome%22%7D&user=mail%40mail.com
2022-04-05T20:12:45.511862913Z 2022-04-05 20:12:45.511 - info: Comm Client 593135c320ba13fb #1: new client
2022-04-05T20:12:45.512722963Z 2022-04-05 20:12:45.512 - info: Comm Client 593135c320ba13fb #1: using session g-gDDFSbpm5vSrREg4a7guhL
2022-04-05T20:12:45.516019132Z 2022-04-05 20:12:45.515 - debug: Comm Client 593135c320ba13fb #1: sending clientConnect with 0 missed messages
2022-04-05T20:12:45.577539363Z 2022-04-05 20:12:45.576 myorg.grist.app GET /o/myorg/api/docs/2uG1aEzuv6Vj 200 201.234 ms - 854
2022-04-05T20:12:45.656333733Z 2022-04-05 20:12:45.655 - info: Client onMessage '{"reqId":0,"method":"openDoc","args":["2uG1aEzuv6VjFGj4KRtR5Z","default",null]}' email=mail@mail.com, org=myorg, clientId=593135c320ba13fb, counter=1
2022-04-05T20:12:45.752194699Z 2022-04-05 20:12:45.673 - debug: DocManager.openDoc Authorizer key { urlId: '2uG1aEzuv6VjFGj4KRtR5Z', userId: 5, org: 'myorg' }
2022-04-05T20:12:45.752497636Z 2022-04-05 20:12:45.675 - debug: DocManager.fetchDoc 2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:45.795935742Z 2022-04-05 20:12:45.795 - debug: ActiveDoc loadDoc access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:45.805144905Z 2022-04-05 20:12:45.804 - debug: Comm Client 593135c320ba13fb #1: clientConnect sent successfully
2022-04-05T20:12:45.809057850Z 2022-04-05 20:12:45.808 - debug: ActiveDoc createDoc access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.065751465Z 2022-04-05 20:12:46.065 - debug: DB 2uG1aEzuv6VjFGj4KRtR5Z open successfully
2022-04-05T20:12:46.191583197Z 2022-04-05 20:12:46.190 - debug: ActiveDoc Loading 21 normal tables, skipping 0 on-demand tables access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.194245467Z 2022-04-05 20:12:46.193 - debug: ActiveDoc Normal tables: Table1, _grist_ACLMemberships, _grist_ACLPrincipals, _grist_ACLResources, _grist_ACLRules, _grist_Attachments, _grist_DocInfo, _grist_External_database, _grist_External_table, _grist_Filters, _grist_Imports, _grist_Pages, _grist_REPL_Hist, _grist_TabBar, _grist_TabItems, _grist_TableViews, _grist_Triggers, _grist_Validations, _grist_Views, _grist_Views_section, _grist_Views_section_field access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.196601356Z 2022-04-05 20:12:46.195 - debug: ActiveDoc On-demand tables:  access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.199114011Z 2022-04-05 20:12:46.198 - debug: ActiveDoc starting to load 20 tables: _grist_ACLMemberships, _grist_ACLPrincipals, _grist_ACLResources, _grist_ACLRules, _grist_Attachments, _grist_DocInfo, _grist_External_database, _grist_External_table, _grist_Filters, _grist_Imports, _grist_Pages, _grist_REPL_Hist, _grist_TabBar, _grist_TabItems, _grist_TableViews, _grist_Triggers, _grist_Validations, _grist_Views, _grist_Views_section, _grist_Views_section_field access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.879439697Z 2022-04-05 20:12:46.878 - debug: 3-pipe Sandbox started sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.954148299Z 2022-04-05 20:12:46.953 - debug: DocClients now 1 clients; new client is 593135c320ba13fb (fd 0) access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.955850047Z 2022-04-05 20:12:46.955 - info: ActiveDoc will stay open access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.958068474Z 2022-04-05 20:12:46.957 - info: ActiveDoc fetchMetaTables access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:46.979466102Z 2022-04-05 20:12:46.978 - debug: Time taken in getRecentMinimalActionGroups: 0 ms
2022-04-05T20:12:47.016436202Z 2022-04-05 20:12:47.015 - info: Client onMessage '{"reqId":1,"method":"fetchTable","args":[0,"Table1"]}' email=mail@mail.com, userId=5, age=0, org=myorg, clientId=593135c320ba13fb, counter=1
2022-04-05T20:12:47.020197953Z 2022-04-05 20:12:47.019 - debug: activeDocMethod access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z, docMethod=fetchTable
2022-04-05T20:12:47.025359976Z 2022-04-05 20:12:47.024 - info: ActiveDoc fetchQuery {"tableId":"Table1","filters":{}} (regular) access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:47.030395556Z 2022-04-05 20:12:47.029 - info: ActiveDoc fetchQuery -> 0 rows, cols: manualSort, A, B, C access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:47.102217270Z 2022-04-05 20:12:47.101 myorg.grist.app GET /v/unknown/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2 200 34.766 ms - 18028
2022-04-05T20:12:48.869007517Z 2022-04-05 20:12:48.868 - info: Sandbox stderr: running container: creating container: waiting for sandbox to start: EOF sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.876314231Z 2022-04-05 20:12:48.875 - info: Sandbox stderr: Traceback (most recent call last): sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.877491355Z 2022-04-05 20:12:48.876 - info: Sandbox stderr:   File "//sandbox/gvisor/run.py", line 242, in <module> sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.878869010Z 2022-04-05 20:12:48.878 - info: Sandbox stderr:     raise Exception('gvisor runsc problem: ' + json.dumps(command)) sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.880201463Z 2022-04-05 20:12:48.879 - info: Sandbox stderr: Exception: gvisor runsc problem: ["runsc", "-root", "/tmp/runsc", "-unprivileged", "-ignore-cgroups", "-network", "none", "restore", "--image-path=/tmp/engine__", "_tmp_tmpe4ud35ew"] sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.907796344Z 2022-04-05 20:12:48.907 - debug: Sandbox pyCall[load_meta_tables] took 2027 ms sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.925788854Z 2022-04-05 20:12:48.925 - warn: ActiveDoc _finishInitialization stopped with SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed
2022-04-05T20:12:48.926049604Z     at NSandbox.<anonymous> (/_build/app/server/lib/NSandbox.js:148:23)
2022-04-05T20:12:48.926353808Z     at Generator.throw (<anonymous>)
2022-04-05T20:12:48.926598344Z     at rejected (/_build/app/server/lib/NSandbox.js:6:65)
2022-04-05T20:12:48.926727298Z     at runMicrotasks (<anonymous>)
2022-04-05T20:12:48.926822779Z     at processTicksAndRejections (internal/process/task_queues.js:95:5) access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:48.949366410Z (node:69) UnhandledPromiseRejectionWarning: Error: ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed
2022-04-05T20:12:48.949653539Z     at ActiveDoc.<anonymous> (/_build/app/server/lib/ActiveDoc.js:1653:31)
2022-04-05T20:12:48.949888624Z     at Generator.throw (<anonymous>)
2022-04-05T20:12:48.950067333Z     at rejected (/_build/app/server/lib/ActiveDoc.js:20:65)
2022-04-05T20:12:48.950189667Z     at runMicrotasks (<anonymous>)
2022-04-05T20:12:48.950287817Z     at processTicksAndRejections (internal/process/task_queues.js:95:5)
2022-04-05T20:12:48.950427169Z (Use `node --trace-warnings ...` to show where the warning was created)
2022-04-05T20:12:48.950619863Z (node:69) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 5)
2022-04-05T20:12:48.950831644Z (node:69) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
2022-04-05T20:12:48.952439252Z 2022-04-05 20:12:48.951 - debug: Sandbox exited with code 1 signal null sandboxPid=81, flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:49.361990751Z 2022-04-05 20:12:49.361 - debug: Subprocess control failure: Error: not found flavor=gvisor, command=undefined, entryPoint=(default), docId=2uG1aEzuv6VjFGj4KRtR5Z
2022-04-05T20:12:52.965499931Z 2022-04-05 20:12:52.964 - info: Client onMessage '{"reqId":2,"method":"applyUserActions","args":[0,[["AddRecord","Table1",null,{"A... (95 length)' email=mail@mail.com, userId=5, age=0, org=myorg, clientId=593135c320ba13fb, counter=1
2022-04-05T20:12:53.058918016Z 2022-04-05 20:12:53.058 - debug: activeDocMethod access=owners, userId=5, email=mail@mail.com, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, docId=2uG1aEzuv6VjFGj4KRtR5Z, docMethod=applyUserActions
2022-04-05T20:12:53.092579473Z (node:69) PromiseRejectionHandledWarning: Promise rejection was handled asynchronously (rejection id: 5)
2022-04-05T20:12:53.094923223Z 2022-04-05 20:12:53.094 - warn: Client Error Error: ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed
2022-04-05T20:12:53.095187579Z     at ActiveDoc.<anonymous> (/_build/app/server/lib/ActiveDoc.js:1653:31)
2022-04-05T20:12:53.095307044Z     at Generator.throw (<anonymous>)
2022-04-05T20:12:53.095460900Z     at rejected (/_build/app/server/lib/ActiveDoc.js:20:65)
2022-04-05T20:12:53.095596177Z     at runMicrotasks (<anonymous>)
2022-04-05T20:12:53.095692913Z     at processTicksAndRejections (internal/process/task_queues.js:95:5)  email=mail@mail.com, userId=5, age=0, org=myorg, clientId=593135c320ba13fb, counter=1
2022-04-05T20:12:53.096072542Z 2022-04-05 20:12:53.095 - warn: Client responding to #2 ERROR ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed email=mail@mail.com, userId=5, age=0, org=myorg, clientId=593135c320ba13fb, counter=1
2022-04-05T20:12:53.132155535Z 2022-04-05 20:12:53.131 - debug: Auth[POST]: id 5 email mail@mail.com host myorg.grist.app path /log org myorg
2022-04-05T20:12:53.137483380Z 2022-04-05 20:12:53.136 - warn: client error stack=Error: ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed
2022-04-05T20:12:53.137792397Z     at u._onServerMessage (https://myorg.grist.app/v/unknown/main.bundle.js:113:741654)
2022-04-05T20:12:53.138039497Z     at v (https://myorg.grist.app/v/unknown/main.bundle.js:6:187255)
2022-04-05T20:12:53.138272803Z     at g (https://myorg.grist.app/v/unknown/main.bundle.js:6:187047)
2022-04-05T20:12:53.138561143Z     at d (https://myorg.grist.app/v/unknown/main.bundle.js:6:185000)
2022-04-05T20:12:53.138796555Z     at m.c.trigger (https://myorg.grist.app/v/unknown/main.bundle.js:6:186940)
2022-04-05T20:12:53.139017644Z     at m.onmessage (https://myorg.grist.app/v/unknown/main.bundle.js:113:777260), message=ActiveDoc initialization failed: SandboxError: [Sandbox] [Sandbox] PipeFromSandbox is closed, page=https://myorg.grist.app/2uG1aEzuv6Vj/Untitled-document, language=ru-RU, platform=Win32, userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36, org=myorg, email=mail@mail.com, userId=5
2022-04-05T20:12:53.267036202Z 2022-04-05 20:12:53.266 myorg.grist.app POST /o/myorg/api/log 200 147.050 ms - -
2022-04-05T20:13:38.583625319Z 2022-04-05 20:13:38.582 - info: heartbeat email=mail@mail.com, userId=5, age=0, org=myorg, clientId=593135c320ba13fb, counter=1, url=https://myorg.grist.app/2uG1aEzuv6Vj/Untitled-document, docId=2uG1aEzuv6VjFGj4KRtR5Z

# gristlabs/grist:v0.7.7
GRIST_ORG_IN_PATH=true
GRIST_HOST=0.0.0.0
GRIST_SINGLE_PORT=true
GRIST_SERVE_SAME_ORIGIN=true
GRIST_DATA_DIR=/myorg
GRIST_INST_DIR=/persist
GRIST_SESSION_COOKIE=myorg
TYPEORM_DATABASE=/persist/home.sqlite3
GRIST_DEFAULT_EMAIL=mail@mail.com
GRIST_SINGLE_ORG=myorg
GRIST_ADAPT_DOMAIN=false
APP_HOME_URL=https://myorg.grist.app
APP_DOC_URL=https://myorg.grist.app
APP_DOC_INTERNAL_URL=https://myorg.grist.app
GRIST_SAML_SP_HOST=https://myorg.grist.app
GRIST_SAML_IDP_LOGIN=https://authentik.app/application/saml/my-grist-app/sso/binding/redirect/
GRIST_SAML_IDP_LOGOUT=https://authentik.app/if/session-end/my-grist-app/
GRIST_SAML_IDP_CERTS=persist/myorg.grist.app_certificate.pem
GRIST_SAML_IDP_UNENCRYPTED=1
GRIST_SAML_SP_KEY=persist/myorg.grist.app_private_key.pem
GRIST_SAML_SP_CERT=persist/myorg.grist.app_certificate.pem
DEBUG=1

@paulfitz
Copy link
Member

paulfitz commented Apr 5, 2022

The earliest problem I see is loading container: file does not exist which is a gvisor/runsc problem. It happens while Grist attempts to prepare a python3 sandbox for later use. I haven't seen this particular failure before within a docker container. Are there any details you could give me about how you run the Grist container that could help me replicate? Any flags passed to docker would be particularly useful, such as volumes mounted, or any custom security settings. Thanks for the environment variables.

I realize I copied an environment variable with a typo in an earlier answer. If you'd like to run without attempting gvisor sandboxing, set GRIST_SANDBOX_FLAVOR=unsandboxed (not GRIST_SANDBOX)

I didn't follow what you said about slugs, I'm sorry.

@helmut72
Copy link

helmut72 commented Apr 6, 2022

I guess I run into some kind of the same error, because GRIST_SANDBOX_FLAVOR=unsandboxed works with 0.7.7

2022-04-06 11:15:11.866 - info: Sandbox stderr: running container: starting container: restoring container "_tmp_tmp2vh2m6yf": incompatible FeatureSet: missing features: map[xsave:{} xgetbv1:{}] sandboxPid=263, flavor=gvisor, command=undefined, entryPoint=(default), docId=2Wp3D5VfNE4usuDh8hQ8BU

This is my env:

TZ=Europe/Berlin

APP_DOC_URL=https://grist.example.com
APP_HOME_URL=https://grist.example.com

GIST_INST_DIR=/persist
GRIST_DATA_DIR=/docs

GRIST_SINGLE_ORG=docs
GRIST_ORG_IN_PATH=true
GRIST_SUPPORT_ANON=false

GRIST_SAML_SP_HOST=https://grist.example.com
GRIST_SAML_SP_KEY=/saml/sp.key
GRIST_SAML_SP_CERT=/saml/sp.crt

GRIST_SAML_IDP_LOGIN=https://keycloak.example.com/auth/realms/grist/protocol/saml
GRIST_SAML_IDP_LOGOUT=https://keycloak.example.com/auth/realms/grist/protocol/saml
GRIST_SAML_IDP_UNENCRYPTED=1
GRIST_SAML_IDP_CERTS=/saml/idp.crt

GRIST_SANDBOX_FLAVOR=unsandboxed

@paulfitz
Copy link
Member

paulfitz commented Apr 6, 2022

Thanks for reporting that @helmut72. Looks like we'll need to back off sandboxing by default in the docker image, there may be too much variety in security settings. Sorry for the disruption.

In other news, @Vladimir-Va the behavior of Grist with GRIST_ORG_IN_PATH should be better now, after a fix in 6c6bfee (should be in gristlabs/grist:latest image)

@georgegevoian
Copy link
Contributor

@helmut72 If you don't mind sharing, what OS and CPU is your host machine running Docker using? Are you by any chance virtualizing Linux (e.g. using Hyper-V on Windows to run Docker)?

Asking because the error seems to indicate your CPU is lacking a feature needed by the sandbox (XSAVE).

@helmut72
Copy link

helmut72 commented Apr 6, 2022

I use Ubuntu 20.04 as the Host OS on bare metal and run your Docker Image from hub.docker.com. CPU is a Celeron/Atom, used in many NAS systems. But my PC isn't a NAS.

processor	: 0/1/2/3
vendor_id	: GenuineIntel
cpu family	: 6
model		: 76
model name	: Intel(R) Celeron(R) CPU  J3160  @ 1.60GHz
stepping	: 4
microcode	: 0x411
cpu MHz		: 747.337
cache size	: 1024 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 4
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms dtherm ida arat md_clear
bugs		: cpu_meltdown spectre_v1 spectre_v2 mds msbds_only
bogomips	: 3200.00
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

paulfitz added a commit that referenced this issue Apr 6, 2022
@paulfitz
back off from making gvisor sandboxing default in docker image (#178)
a14eb92 
It looks like making gvisor sandboxing the default in our docker image is causing people trouble, so this backs off from that change. We retain gvisor's runsc executable in the image so that turning on sandboxing is just an environment variable setting away.

Lack of sandboxing is not good for users opening untrusted documents, so it would be good to be aggressive about turning it on, or communicating about it, so there's follow-up work needed. In the meantime I've updated the documentation about it somewhat.

See #177
@georgegevoian
Copy link
Contributor

Thanks @helmut72. Looks like the xsave flag is missing from that CPU, which explains the error from gvisor. We'll push up a fix to disable sandboxing by default. I'm not too sure if there's anything we can adjust in gvisor to work around this though; will need to do more research.

@helmut72
Copy link

helmut72 commented Apr 6, 2022

Thanks @georgegevoian @paulfitz As long as it works without sandboxing, I don't care about sandboxing.

@Vladimir-Va
Copy link
Contributor Author

Hello @helmut72
Can you use and login in grist without GRIST_SINGLE_ORG env?

@paulfitz
Copy link
Member

paulfitz commented Apr 6, 2022

@helmut72 the gristlabs/grist:latest image returns to unsandboxed operation by default, and previous images will work if you set GRIST_SANDBOX_FLAVOR to unsandboxed.

@Vladimir-Va the latest image also has a fix for GRIST_ORG_IN_PATH that may be relevant to you (see 6c6bfee)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@paulfitz @helmut72 @Vladimir-Va @georgegevoian