
[Bug/Feature]: No container-optimized Chromium defaults — SwiftShader WebGL + unlimited renderer processes cause OOM in LXC/Docker #23889

@starychenko


Summary

When running OpenClaw in a containerized environment (LXC, Docker) without a GPU, Chrome/Chromium launches with SwiftShader WebGL enabled by default and no limit on renderer processes. Combined with OpenClaw's default concurrency (maxConcurrent: 4, subagents.maxConcurrent: 8), this can spawn 10–14 renderer processes and drive CPU usage to 100% and RAM into swap exhaustion.

Steps to Reproduce

  1. Run OpenClaw in an LXC or Docker container (no GPU)
  2. Use the browser tool across multiple agents/subagents (any task that opens a browser)
  3. Run ps aux | grep chrome — observe ~14 renderer processes
  4. Run top — observe 300–400% CPU and swap filling up

What Happens

  • Chrome falls back to SwiftShader (--use-angle=swiftshader-webgl) — a pure-CPU WebGL implementation
  • SwiftShader is 10–50x slower than GPU rendering and extremely CPU-intensive
  • Without --renderer-process-limit, each agent/subagent spawns its own renderer process
  • maxConcurrent: 4 + subagents.maxConcurrent: 8 = up to 12 concurrent browser contexts → ~14 renderer processes
  • In a 4 GB container: load average reached 34 on 4 cores, SWAP 511/512 MB full

Suggested Fix

Add recommended container launchArgs to the documentation and/or set sensible defaults when noSandbox: true is detected (which implies a container environment):

{
  "browser": {
    "launchArgs": [
      "--disable-3d-apis",
      "--disable-software-rasterizer",
      "--disable-gpu",
      "--disable-dev-shm-usage",
      "--renderer-process-limit=2",
      "--no-zygote",
      "--disable-extensions"
    ]
  }
}

What each flag does:

| Flag | Effect |
| --- | --- |
| --disable-3d-apis | Disables WebGL entirely — removes SwiftShader CPU load |
| --disable-software-rasterizer | Belt-and-suspenders: explicitly blocks SwiftShader |
| --disable-gpu | Disables GPU acceleration (none available in LXC anyway) |
| --disable-dev-shm-usage | Critical for LXC: /dev/shm is often limited to 64 MB |
| --renderer-process-limit=2 | Caps renderer processes at 2 (reuse instead of spawn) |
| --no-zygote | Reduces process spawning overhead |
| --disable-extensions | Reduces memory footprint |

Potential Approach

  1. Documentation: Add a "Running in containers" section with these recommended flags
  2. Auto-detection: If noSandbox: true is set, automatically apply container-safe defaults
  3. Warning: Emit a startup warning if no launchArgs are set and the system appears to be a container (no /dev/dri, no GPU)

Environment

  • OpenClaw 2026.2.21-2
  • Proxmox LXC container, 4 cores, 6 GB RAM, no GPU
  • Playwright Chromium (ms-playwright/chromium-1208)
  • Default config (no launchArgs set)
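
Approaches 2 and 3 from the issue above, as an added example that is not part of the original issue and not OpenClaw's code. The function names, the config shape `{ noSandbox, launchArgs }` and the warning texts are assumptions; the `--no-zygote` check reflects Chromium's documented requirement that the flag be used together with `--no-sandbox`.

```javascript
// Added example: hypothetical helper, not OpenClaw code.
// Flags copied from the issue's suggested launchArgs.
const CONTAINER_FLAGS = [
  "--disable-3d-apis",
  "--disable-software-rasterizer",
  "--disable-gpu",
  "--disable-dev-shm-usage",
  "--renderer-process-limit=2",
  "--no-zygote",
  "--disable-extensions",
];

// "--renderer-process-limit=2" -> "--renderer-process-limit"
const flagName = (arg) => arg.split("=", 1)[0];

// The issue's container heuristic: no /dev/dri means no GPU device is exposed.
async function probeHost() {
  const fs = await import("node:fs");
  return { hasDri: fs.existsSync("/dev/dri") };
}

// browserCfg: { noSandbox?: boolean, launchArgs?: string[] } (assumed shape).
function resolveLaunchArgs(browserCfg, host) {
  const userArgs = browserCfg.launchArgs ?? [];
  const seen = new Set(userArgs.map(flagName));
  const args = [...userArgs];
  const warnings = [];

  if (browserCfg.noSandbox === true) {
    // Approach 2: add only the flags the user has not set; user values win.
    for (const flag of CONTAINER_FLAGS) {
      if (!seen.has(flagName(flag))) args.push(flag);
    }
  } else {
    // --no-zygote is only valid with --no-sandbox (the sandbox needs the zygote).
    if (seen.has("--no-zygote")) {
      warnings.push("--no-zygote set without noSandbox");
    }
    // Approach 3: warn when nothing is configured and no GPU device exists.
    if (userArgs.length === 0 && !host.hasDri) {
      warnings.push("no launchArgs and no /dev/dri: expect SwiftShader WebGL");
    }
  }
  return { args, warnings };
}

// Constructed config: the operator raised the renderer cap to 4.
probeHost().then((host) => console.log(
  resolveLaunchArgs({ noSandbox: true, launchArgs: ["--renderer-process-limit=4"] }, host)));
```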
