Use setarch --addr-no-randomize to fix esbuild crash in Docker

esbuild's Go binary crashes with lfstack.push on kernels with 5-level paging or high-entropy ASLR (memory mapped above 47-bit addresses). Disabling ASLR via the personality syscall for the build process keeps allocations at low addresses without requiring host changes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 17:42:37 +01:00 · 2026-03-16 03:34:28 +00:00
parent 92ffa9219c
commit 501a7be689
1 changed files with 7 additions and 4 deletions
--- a/11
+++ b/11
@@ -31,12 +31,15 @@ ENV VITE_API_BASE_URL=${MESHSTREAM_API_BASE_URL} \
    VITE_SITE_TITLE=${MESHSTREAM_SITE_TITLE} \
    VITE_SITE_DESCRIPTION=${MESHSTREAM_SITE_DESCRIPTION}

-# Prevent esbuild's Go runtime from crashing on kernels with high-entropy ASLR
-# or 5-level paging, which places memory at addresses above 47 bits.
-ENV MALLOC_ARENA_MAX=2
+# esbuild's bundled Go binary crashes on kernels with 5-level paging or
+# high-entropy ASLR because Go's lfstack can't handle addresses above 47 bits.
+# setarch --addr-no-randomize disables ASLR for the process via the personality
+# syscall, keeping allocations at low addresses. util-linux provides setarch.
+RUN apt-get update && apt-get install -y --no-install-recommends util-linux \
+    && rm -rf /var/lib/apt/lists/*

 # Build the web app
-RUN pnpm build
+RUN setarch "$(uname -m)" --addr-no-randomize pnpm build

 ###############################################################################
 # Stage 2: Build the Go server