From 28db793d3324698a8309c98d0022a6965ac85425 Mon Sep 17 00:00:00 2001 From: aptalca Date: Fri, 4 Mar 2022 14:40:34 -0500 Subject: [PATCH 1/3] increase video perm fix verbosity, set group rw --- README.md | 1 + readme-vars.yml | 1 + root/etc/cont-init.d/50-gid-video | 33 ++++++++++++++++++++++--------- 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index cf35fa9..fa8fbf9 100644 --- a/README.md +++ b/README.md @@ -299,6 +299,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **04.03.22:** - Increase verbosity of video device permissions fix, attempt to fix missing group rw. * **25.12.21:** - Install Intel drivers from the official repo. * **20.01.21:** - Deprecate `UMASK_SET` in favor of UMASK in baseimage, see above for more information. * **10.12.20:** - Add latest Intel Compute packages from github repo for opencl support on latest gen igpu. diff --git a/readme-vars.yml b/readme-vars.yml index 13867d0..2c39ad4 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -107,6 +107,7 @@ app_setup_block: | # changelog changelogs: + - { date: "04.03.22:", desc: "Increase verbosity of video device permissions fix, attempt to fix missing group rw." } - { date: "25.12.21:", desc: "Install Intel drivers from the official repo." } - { date: "20.01.21:", desc: "Deprecate `UMASK_SET` in favor of UMASK in baseimage, see above for more information." } - { date: "10.12.20:", desc: "Add latest Intel Compute packages from github repo for opencl support on latest gen igpu." } diff --git a/root/etc/cont-init.d/50-gid-video b/root/etc/cont-init.d/50-gid-video index 9766c76..48048e1 100755 --- a/root/etc/cont-init.d/50-gid-video +++ b/root/etc/cont-init.d/50-gid-video @@ -4,17 +4,32 @@ FILES=$(find /dev/dri /dev/dvb -type c -print 2>/dev/null) for i in $FILES do - VIDEO_GID=$(stat -c '%g' "$i") - if ! id -G abc | grep -qw "$VIDEO_GID"; then - VIDEO_NAME=$(getent group "${VIDEO_GID}" | awk -F: '{print $1}') - if [ -z "${VIDEO_NAME}" ]; then - VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c8)" - groupadd "$VIDEO_NAME" - groupmod -g "$VIDEO_GID" "$VIDEO_NAME" + VIDEO_GID=$(stat -c '%g' "${i}") + VIDEO_UID=$(stat -c '%u' "${i}") + # check if user matches device + if id -u abc | grep -qw "${VIDEO_UID}"; then + echo "**** permissions for ${i} are good ****" + else + # check if group matches and that device has group rw + if id -G abc | grep -qw "${VIDEO_GID}" && [ $(stat -c '%A' "${i}" | cut -b 5,6) = "rw" ]; then + echo "**** permissions for ${i} are good ****" + # check if device needs to be added to video group + elif ! id -G abc | grep -qw "${VIDEO_GID}"; then + # check if video group needs to be created + VIDEO_NAME=$(getent group "${VIDEO_GID}" | awk -F: '{print $1}') + if [ -z "${VIDEO_NAME}" ]; then + VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c8)" + groupadd "${VIDEO_NAME}" + groupmod -g "${VIDEO_GID}" "${VIDEO_NAME}" + echo "**** creating video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" + fi + echo "**** adding ${i} to video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" + usermod -a -G "${VIDEO_NAME}" abc fi - usermod -a -G "$VIDEO_NAME" abc + # check if device has group rw if [ $(stat -c '%A' "${i}" | cut -b 5,6) != "rw" ]; then - echo -e "**** The device ${i} does not have group read/write permissions, which might prevent hardware transcode from functioning correctly. To fix it, you can run the following on your docker host: ****\nsudo chmod g+rw ${i}\n" + echo -e "**** The device ${i} does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****\nsudo chmod g+rw ${i}\n" + chmod g+rw "${i}" fi fi done From a498a4cf157a76bfde8b961c294799fd5a296f7b Mon Sep 17 00:00:00 2001 From: aptalca Date: Fri, 4 Mar 2022 14:45:44 -0500 Subject: [PATCH 2/3] standardize for alpine --- root/etc/cont-init.d/50-gid-video | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/etc/cont-init.d/50-gid-video b/root/etc/cont-init.d/50-gid-video index 48048e1..aaf9dfd 100755 --- a/root/etc/cont-init.d/50-gid-video +++ b/root/etc/cont-init.d/50-gid-video @@ -18,7 +18,7 @@ do # check if video group needs to be created VIDEO_NAME=$(getent group "${VIDEO_GID}" | awk -F: '{print $1}') if [ -z "${VIDEO_NAME}" ]; then - VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c8)" + VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-z0-9' | head -c4)" groupadd "${VIDEO_NAME}" groupmod -g "${VIDEO_GID}" "${VIDEO_NAME}" echo "**** creating video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" From 561f7356cb00998016bbe20e9f323dbb2bedfdf9 Mon Sep 17 00:00:00 2001 From: aptalca Date: Fri, 4 Mar 2022 15:28:49 -0500 Subject: [PATCH 3/3] update log message --- root/etc/cont-init.d/50-gid-video | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/etc/cont-init.d/50-gid-video b/root/etc/cont-init.d/50-gid-video index aaf9dfd..c07fe60 100755 --- a/root/etc/cont-init.d/50-gid-video +++ b/root/etc/cont-init.d/50-gid-video @@ -28,7 +28,7 @@ do fi # check if device has group rw if [ $(stat -c '%A' "${i}" | cut -b 5,6) != "rw" ]; then - echo -e "**** The device ${i} does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****\nsudo chmod g+rw ${i}\n" + echo -e "**** The device ${i} does not have group read/write permissions, attempting to fix inside the container. ****" chmod g+rw "${i}" fi fi