DeepStream plugins only available in Docker when run as root

• Hardware Platform (Jetson / GPU)
Jetson
• DeepStream Version
5.0 GA
• JetPack Version (valid for Jetson only)
4.4 GA
• TensorRT Version
7.1.3

I’m guessing this wasn’t found becuase it seems routine in the Docker ecosystem to run everything as root all of the time. In my particular case this is not feasible for my client.

Dockerfile to replicate:

ARG REGISTRY="nvcr.io"
ARG BASE="nvidia/deepstream-l4t"
# This image is kinda fat but it has all the GStreamer stuff and more
# (DeepStream) which we will need for later revisions of the Camera.
ARG TAG="5.0-20.07-samples"

FROM ${REGISTRY}/${BASE}:${TAG}

RUN adduser \
        --system \
        --home=/var/lib/camera \
        --disabled-login \
        --disabled-password \
        --shell=/bin/false \
        --group cameraman \
    && adduser cameraman video

USER cameraman:cameraman

steps to run:

anzu@pidgeon:~/Projects/gst-v4l2-camera$ sudo docker build -t dstest:latest -f deepstream_issue.Dockerfile .
Sending build context to Docker daemon   2.42MB
Step 1/6 : ARG REGISTRY="nvcr.io"
Step 2/6 : ARG BASE="nvidia/deepstream-l4t"
Step 3/6 : ARG TAG="5.0-20.07-samples"
Step 4/6 : FROM ${REGISTRY}/${BASE}:${TAG}
 ---> cbc3f5fb67a5
Step 5/6 : RUN adduser         --system         --home=/var/lib/camera         --disabled-login         --disabled-password         --shell=/bin/false         --group cameraman     && adduser cameraman video
 ---> Running in 737e254b0bbb
Adding system user `cameraman' (UID 102) ...
Adding new group `cameraman' (GID 105) ...
Adding new user `cameraman' (UID 102) with group `cameraman' ...
Creating home directory `/var/lib/camera' ...
Adding user `cameraman' to group `video' ...
Adding user cameraman to group video
Done.
Removing intermediate container 737e254b0bbb
 ---> 07910d1ee31a
Step 6/6 : USER cameraman:cameraman
 ---> Running in ce15806f4a55
Removing intermediate container ce15806f4a55
 ---> c1146d342190
Successfully built c1146d342190
Successfully tagged dstest:latest
anzu@pidgeon:~/Projects/gst-v4l2-camera$ sudo docker run -it --rm --runtime nvidia dstest:latest
cameraman@5c6f56ffaf74:/opt/nvidia/deepstream/deepstream-5.0$ gst-inspect-1.0 nvinfer
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
Error: Can't initialize nvrm channel
Error: Can't initialize nvrm channel
Couldn't create ddkvic Session: Cannot allocate memory
nvbuf_utils: Could not create Default NvBufferSession
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
2020-08-18 21:33:11.969359: I tensorflow/stream_executor/platform/default/dso_loader.cc:48] Successfully opened dynamic library libcudart.so.10.2
nvbufsurftransform:cuInit failed : 100 
2020-08-18 21:33:12.735470: I tensorflow/stream_executor/platform/default/dso_loader.cc:48] Successfully opened dynamic library libcudart.so.10.2
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
nvbufsurftransform:cuInit failed : 100 
No such element or plugin 'nvinfer'
cameraman@5c6f56ffaf74:/opt/nvidia/deepstream/deepstream-5.0$ gst-inspect-1.0 nvoverlaysink
No such element or plugin 'nvoverlaysink'

Any advice, workaround or fixes would be very much appreciated. Client wants to use microservices for everything but also wants to do so securely, so running containers as root is not an option.

I realized i was specifying a group with the USER which was overriding the video group addition. Oops.

USER cameraman

works