Running Zed 2 Camera in Docker without Privileged Flag

kingrio · September 1, 2023, 1:06am

As the title says, is there any way to use the Zed 2 camera without the privileged flag? For our use case, we are passing devices individually:

--device=/dev/video0 \
--device=/dev/myserial \
--device=/dev/rplidar \
--device=/dev/input \

But when we add the --privileged flag to this, it’s causing issues with our other devices. Note: /dev/rplidar and /dev/myserial are custom USB rules / symlinks that are needed inside docker. It seems like the privileged flag is overwriting these symlinks (when I run ls \dev | grep lidar without privileged flag, I see the device, but when I run it with the flag, I don’t see the device) So just wondering if there’s a way to manually pass the Zed camera device into the docker container.

alassagne · September 4, 2023, 4:53pm

Hi,

I did not test such a scenario myself. Did you try the solutions from this thread ? https://forums.developer.nvidia.com/t/nvidia-docker-seems-unable-to-use-gpu-as-non-root-user/80276/4

kingrio · September 4, 2023, 10:23pm

Thanks for the reply @alassagne

I checked the link you suggested - our Docker container (one of dustynv’s Zed containers) runs as root user, so I don’t think that solution applies to our case.

I also checked this link: Passing ZED into Docker without Privilege mode - #2 by adujardin
But it seems like the thread was never continued and no solution provided.

Is there no way to run the Zed camera in Docker without privileged flag? It seems like it’s a matter of identifying the right devices to pass into Docker using “-- device”.

alassagne · September 5, 2023, 7:34am

Hi again,

I’m not sure the solution from the other thread will work. The USB controllers are not very reliable depending on the computer you use. There are mecanisms in the SDK that try to recover the camera when it goes down and, for that, passing the device is not enough (since the device can change).

kingrio · September 5, 2023, 12:23pm

Thanks for the reply @alassagne

I’m working on a Jetson Xavier NX. Do you have any recommendations on how to proceed if it’s not possible to pass individual devices into Docker?

alassagne · September 5, 2023, 2:57pm

The easiest way to proceed is definitely to use the privileged mode.

kingrio · September 5, 2023, 3:05pm

@alassagne yes I understand that and I’ve tested it works, but since it creates a conflict as described in my post above, I was looking for any other way apart from that method?

alassagne · September 6, 2023, 8:50am

Did you try the solution from the thread you mentioned ? I mean, setup the udev rules on the host. That should work… until your USB controller breaks, and the SDK will not be able to recover. You’ll have to implement the recovery yourself.

kingrio · September 6, 2023, 2:42pm

Hi @alassagne, actually we installed the SDK both on the host (Jetson NX) and inside the Docker container, so the udev rules are indeed there.

I found a temporary workaround although I’m not sure how stable this is. I still start the Docker container in privileged mode. But then add the custom udev rules inside the container that map ttyUSB* to /dev/rplidar & /dev/myserial and then reload the rules. These custom rules were on the host, but seem to get erased when using privileged mode (as described in the post above). So this seems to work for now, hopefully it doesn’t cause any conflicts/clashes with Zed. What do you think?

kingrio · September 6, 2023, 2:54pm

Additionally, are there any udev rules to map the Zed camera to a symlink such as /dev/myzed? This would be very helpful too. If not, maybe I should mount the whole /dev volume into the container?

alassagne · September 8, 2023, 8:52am

What I do usually is indeed mount the whole /dev volume into the container. if you are using ZED X, you should also mount /tmp/argus_socket and /var/nvidia/nvcam/settings/