Chrome under Docker: CAP_SYS_ADMIN vs privileged? [closed]How to control Chrome in a network environmentGoogle Chrome Language TranslateHow can I override CMD when running a docker image?Kernel Tuning with Privileged Docker ContainerSSL_VERSION_OR_CIPHER_MISMATCH in chrome 42Removing Docker data volumes?How to remove an image tag in Docker without removing the image itself?Chrome Master_Preference AllowPopUpsDocker Port Forwarding and Privileged Flag not workingRestart docker container in privileged mode

Similarity score: Can Sklearn SVR predict values greater than 1 and less than 0?

What can I do with a research project that is my university’s intellectual property?

Should the party get XP for a monster they never attacked?

Excluding a rectangular region from an image in FITS

How can I get my left hand to sound legato when I'm leaping?

How to maintain a closed environment for one person for a long period of time

Do I have to explain the mechanical superiority of the player-character within the fiction of the game?

Can Ogre clerics use Purify Food and Drink on humanoid characters?

How does DC work with natural 20?

Boss wants someone else to lead a project based on the idea I presented to him

Hit the Bulls Eye with T in the Center

Prime sieve in Python

Count All Possible Unique Combinations of Letters in a Word

Encounter design and XP thresholds

Am I legally required to provide a (GPL licensed) source code even after a project is abandoned?

Can humans ever directly see a few photons at a time? Can a human see a single photon?

Primes and SemiPrimes in Binary

Why do all the teams that I have worked with always finish a sprint without completion of all the stories?

What does it mean to not be able to take the derivative of a function multiple times?

What's currently blocking the construction of the wall between Mexico and the US?

Why isn't my calculation that we should be able to see the sun well beyond the observable universe valid?

What is the meaning of "понаехать"?

Is it illegal to withhold someone's passport and green card in California?

How many people are necessary to maintain modern civilisation?



Chrome under Docker: CAP_SYS_ADMIN vs privileged? [closed]


How to control Chrome in a network environmentGoogle Chrome Language TranslateHow can I override CMD when running a docker image?Kernel Tuning with Privileged Docker ContainerSSL_VERSION_OR_CIPHER_MISMATCH in chrome 42Removing Docker data volumes?How to remove an image tag in Docker without removing the image itself?Chrome Master_Preference AllowPopUpsDocker Port Forwarding and Privileged Flag not workingRestart docker container in privileged mode






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








10















I am running chromedriver + chrome inside Docker in my test environment.



Everything was working fine until latest CoreOS upgrade.



These are the versions that seem to work:



VERSION=1185.5.0
VERSION_ID=1185.5.0
BUILD_ID=2016-12-07-0937


And this a newer version that causes chrome to coredump:



VERSION=1235.4.0
VERSION_ID=1235.4.0
BUILD_ID=2017-01-04-0450


Looking at changes, it seems docker was upgraded from 1.11.x to 1.12.x, which broke setns() call inside container. setns() is used by Chrome for creating a namespaces.



This are the example outputs:



jsosic-coreos-test-20161207 ~ # docker --version
Docker version 1.11.2, build bac3bae


From inside one container on this box:



[root@2939f21ecfaa /]# /opt/google/chrome/google-chrome
[57:57:0107/015130:ERROR:browser_main_loop.cc(261)] Gtk: cannot open display:


This is how the new version broke it:



jsosic-coreos-test-2017-01-04 ~ # docker --version
Docker version 1.12.3, build 34a2ead

[root@13ab34c36c82 /]# /opt/google/chrome/chrome
Failed to move to new namespace: PID namespaces supported,
 Network namespace supported,
 but failed: errno = Operation not permitted
Aborted (core dumped)


What I have found out is that if I start the container with either --cap-add=SYS_ADMIN or --privileged - Chrome works as expected.



What is the difference between those two switches? What capabilities are enabled by --privileged?



And, can I allow setns() inside container without compromising security?






permissions docker chrome namespaces







share|improve this question













closed as off-topic by womble Jun 5 at 2:03


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions on Server Fault must be about managing information technology systems in a business environment. Home and end-user computing questions may be asked on Super User, and questions about development, testing and development tools may be asked on Stack Overflow." – womble
If this question can be reworded to fit the rules in the help center, please edit the question.
















  • Thanks for this. I made an issue, using a lot of your stuff: github.com/docker/for-linux/issues/496 I think it ought to get fixed

    – Merc
    Nov 22 '18 at 1:54











  • I am nearly 2 years too late, but there is a much better and safer solution in the ticket above if you are still interested.

    – Merc
    Nov 23 '18 at 3:33











  • If the original poster doesn't update the answer (he doesn't seem active on SO at all), let me know if you would be available to accept a different one. I wasted hours on this, I can only imagine how many hours we will save other people.

    – Merc
    Nov 23 '18 at 3:35

















10















I am running chromedriver + chrome inside Docker in my test environment.



Everything was working fine until latest CoreOS upgrade.



These are the versions that seem to work:



VERSION=1185.5.0
VERSION_ID=1185.5.0
BUILD_ID=2016-12-07-0937


And this a newer version that causes chrome to coredump:



VERSION=1235.4.0
VERSION_ID=1235.4.0
BUILD_ID=2017-01-04-0450


Looking at changes, it seems docker was upgraded from 1.11.x to 1.12.x, which broke setns() call inside container. setns() is used by Chrome for creating a namespaces.



This are the example outputs:



jsosic-coreos-test-20161207 ~ # docker --version
Docker version 1.11.2, build bac3bae


From inside one container on this box:



[root@2939f21ecfaa /]# /opt/google/chrome/google-chrome
[57:57:0107/015130:ERROR:browser_main_loop.cc(261)] Gtk: cannot open display:


This is how the new version broke it:



jsosic-coreos-test-2017-01-04 ~ # docker --version
Docker version 1.12.3, build 34a2ead

[root@13ab34c36c82 /]# /opt/google/chrome/chrome
Failed to move to new namespace: PID namespaces supported,
 Network namespace supported,
 but failed: errno = Operation not permitted
Aborted (core dumped)


What I have found out is that if I start the container with either --cap-add=SYS_ADMIN or --privileged - Chrome works as expected.



What is the difference between those two switches? What capabilities are enabled by --privileged?



And, can I allow setns() inside container without compromising security?






permissions docker chrome namespaces







share|improve this question













closed as off-topic by womble Jun 5 at 2:03


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions on Server Fault must be about managing information technology systems in a business environment. Home and end-user computing questions may be asked on Super User, and questions about development, testing and development tools may be asked on Stack Overflow." – womble
If this question can be reworded to fit the rules in the help center, please edit the question.
















  • Thanks for this. I made an issue, using a lot of your stuff: github.com/docker/for-linux/issues/496 I think it ought to get fixed

    – Merc
    Nov 22 '18 at 1:54











  • I am nearly 2 years too late, but there is a much better and safer solution in the ticket above if you are still interested.

    – Merc
    Nov 23 '18 at 3:33











  • If the original poster doesn't update the answer (he doesn't seem active on SO at all), let me know if you would be available to accept a different one. I wasted hours on this, I can only imagine how many hours we will save other people.

    – Merc
    Nov 23 '18 at 3:35













10












10








10


1






I am running chromedriver + chrome inside Docker in my test environment.



Everything was working fine until latest CoreOS upgrade.



These are the versions that seem to work:



VERSION=1185.5.0
VERSION_ID=1185.5.0
BUILD_ID=2016-12-07-0937


And this a newer version that causes chrome to coredump:



VERSION=1235.4.0
VERSION_ID=1235.4.0
BUILD_ID=2017-01-04-0450


Looking at changes, it seems docker was upgraded from 1.11.x to 1.12.x, which broke setns() call inside container. setns() is used by Chrome for creating a namespaces.



This are the example outputs:



jsosic-coreos-test-20161207 ~ # docker --version
Docker version 1.11.2, build bac3bae


From inside one container on this box:



[root@2939f21ecfaa /]# /opt/google/chrome/google-chrome
[57:57:0107/015130:ERROR:browser_main_loop.cc(261)] Gtk: cannot open display:


This is how the new version broke it:



jsosic-coreos-test-2017-01-04 ~ # docker --version
Docker version 1.12.3, build 34a2ead

[root@13ab34c36c82 /]# /opt/google/chrome/chrome
Failed to move to new namespace: PID namespaces supported,
 Network namespace supported,
 but failed: errno = Operation not permitted
Aborted (core dumped)


What I have found out is that if I start the container with either --cap-add=SYS_ADMIN or --privileged - Chrome works as expected.



What is the difference between those two switches? What capabilities are enabled by --privileged?



And, can I allow setns() inside container without compromising security?






permissions docker chrome namespaces







share|improve this question














I am running chromedriver + chrome inside Docker in my test environment.



Everything was working fine until latest CoreOS upgrade.



These are the versions that seem to work:



VERSION=1185.5.0
VERSION_ID=1185.5.0
BUILD_ID=2016-12-07-0937


And this a newer version that causes chrome to coredump:



VERSION=1235.4.0
VERSION_ID=1235.4.0
BUILD_ID=2017-01-04-0450


Looking at changes, it seems docker was upgraded from 1.11.x to 1.12.x, which broke setns() call inside container. setns() is used by Chrome for creating a namespaces.



This are the example outputs:



jsosic-coreos-test-20161207 ~ # docker --version
Docker version 1.11.2, build bac3bae


From inside one container on this box:



[root@2939f21ecfaa /]# /opt/google/chrome/google-chrome
[57:57:0107/015130:ERROR:browser_main_loop.cc(261)] Gtk: cannot open display:


This is how the new version broke it:



jsosic-coreos-test-2017-01-04 ~ # docker --version
Docker version 1.12.3, build 34a2ead

[root@13ab34c36c82 /]# /opt/google/chrome/chrome
Failed to move to new namespace: PID namespaces supported,
 Network namespace supported,
 but failed: errno = Operation not permitted
Aborted (core dumped)


What I have found out is that if I start the container with either --cap-add=SYS_ADMIN or --privileged - Chrome works as expected.



What is the difference between those two switches? What capabilities are enabled by --privileged?



And, can I allow setns() inside container without compromising security?






permissions docker chrome namespaces




permissions docker chrome namespaces






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 7 '17 at 13:13









Jakov SosicJakov Sosic

4,30921628




4,30921628




closed as off-topic by womble Jun 5 at 2:03


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions on Server Fault must be about managing information technology systems in a business environment. Home and end-user computing questions may be asked on Super User, and questions about development, testing and development tools may be asked on Stack Overflow." – womble
If this question can be reworded to fit the rules in the help center, please edit the question.







closed as off-topic by womble Jun 5 at 2:03


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions on Server Fault must be about managing information technology systems in a business environment. Home and end-user computing questions may be asked on Super User, and questions about development, testing and development tools may be asked on Stack Overflow." – womble
If this question can be reworded to fit the rules in the help center, please edit the question.












  • Thanks for this. I made an issue, using a lot of your stuff: github.com/docker/for-linux/issues/496 I think it ought to get fixed

    – Merc
    Nov 22 '18 at 1:54











  • I am nearly 2 years too late, but there is a much better and safer solution in the ticket above if you are still interested.

    – Merc
    Nov 23 '18 at 3:33











  • If the original poster doesn't update the answer (he doesn't seem active on SO at all), let me know if you would be available to accept a different one. I wasted hours on this, I can only imagine how many hours we will save other people.

    – Merc
    Nov 23 '18 at 3:35

















  • Thanks for this. I made an issue, using a lot of your stuff: github.com/docker/for-linux/issues/496 I think it ought to get fixed

    – Merc
    Nov 22 '18 at 1:54











  • I am nearly 2 years too late, but there is a much better and safer solution in the ticket above if you are still interested.

    – Merc
    Nov 23 '18 at 3:33











  • If the original poster doesn't update the answer (he doesn't seem active on SO at all), let me know if you would be available to accept a different one. I wasted hours on this, I can only imagine how many hours we will save other people.

    – Merc
    Nov 23 '18 at 3:35
















Thanks for this. I made an issue, using a lot of your stuff: github.com/docker/for-linux/issues/496 I think it ought to get fixed

– Merc
Nov 22 '18 at 1:54





Thanks for this. I made an issue, using a lot of your stuff: github.com/docker/for-linux/issues/496 I think it ought to get fixed

– Merc
Nov 22 '18 at 1:54













I am nearly 2 years too late, but there is a much better and safer solution in the ticket above if you are still interested.

– Merc
Nov 23 '18 at 3:33





I am nearly 2 years too late, but there is a much better and safer solution in the ticket above if you are still interested.

– Merc
Nov 23 '18 at 3:33













If the original poster doesn't update the answer (he doesn't seem active on SO at all), let me know if you would be available to accept a different one. I wasted hours on this, I can only imagine how many hours we will save other people.

– Merc
Nov 23 '18 at 3:35





If the original poster doesn't update the answer (he doesn't seem active on SO at all), let me know if you would be available to accept a different one. I wasted hours on this, I can only imagine how many hours we will save other people.

– Merc
Nov 23 '18 at 3:35










2 Answers
2






active

oldest

votes


















6














AFAICS, the documentation suggests granting the capabilities needed for a container, rather than using the --privileged switch. Running in privileged mode seems to grant the container all capabilities (exactly which those are is listed in the first URL, provided that the docs are up to date).



In short, I'd say that --cap-add=SYS_ADMIN grants a smaller subset of capabilities to the container, compared to the --privileged switch. Event the examples in the Docker documentation (first URL) seem to prefer just adding the SYS_ADMIN or NET_ADMIN capability where needed.






share|improve this answer

























  • Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

    – Jakov Sosic
    Jan 8 '17 at 14:42











  • Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

    – Merc
    Nov 23 '18 at 3:34


















1














One difference is that --privileged mounts /dev and /sys as RW, where as SYS_ADMIN mounts them as RO.
This means that a privileged container has full access to devices on the system. SYS_ADMIN doesn't give you that.






share|improve this answer





























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6














    AFAICS, the documentation suggests granting the capabilities needed for a container, rather than using the --privileged switch. Running in privileged mode seems to grant the container all capabilities (exactly which those are is listed in the first URL, provided that the docs are up to date).



    In short, I'd say that --cap-add=SYS_ADMIN grants a smaller subset of capabilities to the container, compared to the --privileged switch. Event the examples in the Docker documentation (first URL) seem to prefer just adding the SYS_ADMIN or NET_ADMIN capability where needed.






    share|improve this answer

























    • Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

      – Jakov Sosic
      Jan 8 '17 at 14:42











    • Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

      – Merc
      Nov 23 '18 at 3:34















    6














    AFAICS, the documentation suggests granting the capabilities needed for a container, rather than using the --privileged switch. Running in privileged mode seems to grant the container all capabilities (exactly which those are is listed in the first URL, provided that the docs are up to date).



    In short, I'd say that --cap-add=SYS_ADMIN grants a smaller subset of capabilities to the container, compared to the --privileged switch. Event the examples in the Docker documentation (first URL) seem to prefer just adding the SYS_ADMIN or NET_ADMIN capability where needed.






    share|improve this answer

























    • Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

      – Jakov Sosic
      Jan 8 '17 at 14:42











    • Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

      – Merc
      Nov 23 '18 at 3:34













    6












    6








    6







    AFAICS, the documentation suggests granting the capabilities needed for a container, rather than using the --privileged switch. Running in privileged mode seems to grant the container all capabilities (exactly which those are is listed in the first URL, provided that the docs are up to date).



    In short, I'd say that --cap-add=SYS_ADMIN grants a smaller subset of capabilities to the container, compared to the --privileged switch. Event the examples in the Docker documentation (first URL) seem to prefer just adding the SYS_ADMIN or NET_ADMIN capability where needed.






    share|improve this answer















    AFAICS, the documentation suggests granting the capabilities needed for a container, rather than using the --privileged switch. Running in privileged mode seems to grant the container all capabilities (exactly which those are is listed in the first URL, provided that the docs are up to date).



    In short, I'd say that --cap-add=SYS_ADMIN grants a smaller subset of capabilities to the container, compared to the --privileged switch. Event the examples in the Docker documentation (first URL) seem to prefer just adding the SYS_ADMIN or NET_ADMIN capability where needed.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited May 23 '17 at 12:41









    Community

    1




    1










    answered Jan 8 '17 at 11:29









    ivukivuk

    1764




    1764












    • Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

      – Jakov Sosic
      Jan 8 '17 at 14:42











    • Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

      – Merc
      Nov 23 '18 at 3:34

















    • Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

      – Jakov Sosic
      Jan 8 '17 at 14:42











    • Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

      – Merc
      Nov 23 '18 at 3:34
















    Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

    – Jakov Sosic
    Jan 8 '17 at 14:42





    Thanks, exec_linux.go helped. I tried cloning docker repo to grep through it but since it took me couple of hours I just forgot about it :)

    – Jakov Sosic
    Jan 8 '17 at 14:42













    Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

    – Merc
    Nov 23 '18 at 3:34





    Just to run Chrome, there is a much better solution listed here: github.com/docker/for-linux/issues/496#issuecomment-441149510 I think it would be very beneficial to update the answer so that people do what I explain in that very comment. Please let me know if you agree.

    – Merc
    Nov 23 '18 at 3:34













    1














    One difference is that --privileged mounts /dev and /sys as RW, where as SYS_ADMIN mounts them as RO.
    This means that a privileged container has full access to devices on the system. SYS_ADMIN doesn't give you that.






    share|improve this answer



























      1














      One difference is that --privileged mounts /dev and /sys as RW, where as SYS_ADMIN mounts them as RO.
      This means that a privileged container has full access to devices on the system. SYS_ADMIN doesn't give you that.






      share|improve this answer

























        1












        1








        1







        One difference is that --privileged mounts /dev and /sys as RW, where as SYS_ADMIN mounts them as RO.
        This means that a privileged container has full access to devices on the system. SYS_ADMIN doesn't give you that.






        share|improve this answer













        One difference is that --privileged mounts /dev and /sys as RW, where as SYS_ADMIN mounts them as RO.
        This means that a privileged container has full access to devices on the system. SYS_ADMIN doesn't give you that.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jun 4 at 20:20









        mel1990mel1990

        111




        111













            -

            Popular posts from this blog

            Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

            Image
            Barça LassaBAXI ManresaCafés Candelas BreogánDelteco GBCDivina Seguros JoventutHerbalife Gran CanariaIberostar TenerifeKirolbet BaskoniaMonbus ObradoiroMontakit FuenlabradaMoraBanc AndorraMovistar EstudiantesReal MadridSan Pablo BurgosTecnyconta ZaragozaUCAM MurciaUnicajaValencia Basket Club Baloncesto Breogán baloncestoLugoGalicia1966JuanJosé Ramón Varela Portasmáxima categoría1970competicións europeasLiga ACBPavillón MunicipalPazo dos DeportesJesús Lázareliga EBAClub Estudiantes1965Lugobaloncestosegunda divisiónJosé RamónJuan Varela-Portas y Pardo1966Celestino Fernández de la Vega196869primeira divisiónZaragozaprimeira divisiónReal MadridJoventutEstudiantes19701971máxima categoría estatal11 de outubro1970Palacio dos DeportesLugoTenerifeMadridReal MadridAlfredo PérezBreogán19711972TenerifeMadridvascocatalánAlfredo PérezespañolMadridLugoManresa La Casera19741975As...
            Read more

            Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

            Image
            Parroquias da LarachaParroquias de Galicia baixo a advocación de Santiago o Maior coruñésLarachacomarca de BergantiñosIGE20131999castro de Montesclarospoboado castrexoidade de ferroromanización de Galiciamiliariopazo de Montesclarosséculo XIXAmboadeA AreosaA BarreiraBos AiresA BoticaAs Brañas da ViñaAs BrañasBusteloOs CanedosFerreirosAs FervenzasA Fonte da CanleO FormigueiroFornelosA FragaFragundeGravidoA LamelaMarfuloOs MeánsMontes ClarosA PanelaO PazoQuintánsRibelaSamiroO SeixoA TelleiraVilañoVilanovaA ViñaVista AlegreCabovilaño (San Román)Caión (Santa María do Socorro)Coiro (San Xián)Erboedo (Santa María)Golmar (San Bieito)Lemaio (Santa Mariña)Lendo (San Xián)Lestón (San Martiño)Montemaior (Santa María Madanela)Soandres (San Pedro)Soutullo (Santa María)Torás (Santa María)Vilaño (Santiago) Vilaño, A Laracha Na Galipedia, a Wi...
            Read more

            Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020

            Image
            OftalmoloxíaDiscapacidade sentidovistaNorteaméricaEuropaollopaíses en vías de desenvolvementopaíses desenvolvidos2014Organización Mundial da SaúdeGaliciaretinopatía diabéticaglaucomaresto visualagudeza visualcampo visualterapia xénicaretinavirus do arrefriado comúncanadestradoséculo XIXLouis Brailleteclado brailleescáneresrecoñecemento óptico de caractereslectores de pantallacorsinestesiafrauta doceamareloclarineteazultamboresvermellopianoverdeSistema Constanzsemáforocans guíaBrailletactosoftwaretactoeuroAvuiséculo XXUnión SoviéticaFranciaItaliaInglaterraNataciónatletismociclismojudoesquífútbol salamontañismoxadrezgoalballsociedademúsicosindixentesprofetassabiosoídotactomúsicarisatactooídolinguaxePiaget (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u0...
            Read more