Can't use sudo or apt inside the container

[Fellhahn]

I'm using the leonowski/docker-blueiris:run_as_service fork/tag, however @leonowski hasn't enabled issue tracking on his fork. The same problem applies to the dev branch here though

Discovered this while trying to troubleshoot connectivity to a camera over a macvlan docker network whose parent is a vlan subinterface.

I exec in to the container with /bin/bash.

ping my camera

"ping: command not found"

OK; apt install inetutils-ping

"Could not open lock file .... Permission denied"

Oh, right; sudo apt install inetutils-ping

"sudo: command not found"

...what?

Then try just su, but root password is not blank and at that point I'm out of ideas.

How can I poke around inside the container? I can't figure out how to elevate privileges, which just seems like such a stupid problem to have :S

[leonowski]

Because the container runs as the "wineuser" (UID 1001) user, it does not have root privs. This was done to "secure" the container as it generally is a bad idea to run a container as root. I had thought about this problem from the perspective from someone who wants to fix/tinker with the container. I realize it is also bad to not be able to manage and troubleshoot this thing. The audience for a container like this should be technical people anyway.

I'll see if there is a way to configure user switching at container runtime to allow for troubleshooting. In Docker, you can usually switch the user with the --user flag, but there are a few problems with just doing that. First, the supervisor config is set to use wineuser explicitly. Also, it didn't seem like it was easy to specify multiple users with wine. I have since found this:

https://ubuntuforums.org/showthread.php?t=917422

I'll work on trying to make this admin mode. In the meantime, would a new branch that runs as root work for you? I'll have to go in and basically remove all the stuff that made wineuser work.

[Fellhahn]

If it's not too much work, that would be useful, thanks.

What I really want to investigate is whether this:

https://www.phoronix.com/scan.php?page=news_item&px=Wine-Staging-DXVA2-VA-API

Can be used as a path to enabling HW acceleration for BlueIris inside the container. DXVA2 is one of the options for HW accel in the camera options within BI, I've been using it for the past few weeks and it works well, better than NVDEC in my opinion.

My hope is:

Map/grant the /dev/dri/renderD128 host device into the container. Install VAAPI drivers in the container (if required?) Enable DXVA2 support in Wine. (May require using the devel branch). Set cameras to use DXVA2 in BlueIris.

[jshridha]

@Fellhahn This would be great. My understanding from #4 is that Xvfb doesn't support hardware acceleration, but I'm not sure if that will limit blueiris from leveraging the GPU. Have you made any progress here?

[jshridha]

I switched over to the staging branch in the ubuntu repos apt install winehq-staging and it looks like their version of wine isn't built with VAAPI/DXVA2 patch set applied. I think we may need to build wine from source to get this to work.

[jshridha]

I'm very close to having GPU acceleration working, at least with an Intel embedded GPU. See the screenshot below. Video/0 is at 0% with hardware acceleration turned off and then around 4% with it turned on. I'm not quite sure how efficient it is being since it isn't using the Intel instruction set but rather the DXVA2, and it seems wine is adding a lot of overhead, but hey, it's working.

One of the regressions is that it requires that blue iris not be run as a service. @leonowski and @TonyBrobston can you remind me the reason for the net start blueiris change? Was it to fix a timezone issue?

[jshridha]

@Fellhahn After many many hours of trial and error, I got a working branch/build. If you can test it out and give feedback, that would be great. Check out #40 for some loose instructions and ping back in that PR if you need help. Also, this container now exposes the root user but runs most processes as the unprivileged user. It should be a good base for whatever development you can do.

I'm going to close this issue for now since you can apt inside this new container.