...

2.1 Design docker container architecture

...

• Containers cannot be run with root privileges. The app runs in the camera with user privileges of uid 1000, gid 1000.

• The container is mounted read only.
  You cannot write to the container. If an existing app is writing to the container, it will need to write to a tmpfs(RAM) for temporary data, or to a separate mounted volume for persistent data.

• Options that relax security, such as --previledged, cannot be used.

• Docker images cannot be pulled from an external container registry directly from within the camera. The required docker images must be pulled and built on the development PC and included in the Container AdamApp(ext file).

2.3.4 Restrictions on using ADAM API

If Container AdamApp contains multiple containers, the ADAM API can only be used from the main container, not from sub containers.

...

2.3.4 Restrictions on using ADAM API

2.3.4.1 Containers that can use the ADAM API

If Container AdamApp contains multiple containers, the ADAM API can only be used from the main container, not from sub containers.

It is better that main image has feature related to camera functions and sub images have features not related to camera functions. Chapter 3.4 shows how to share the data between main and sub images.

2.3.4.2 Directory path that can be obtained with ADAM API

The various directory paths that can be obtained by AdamApp, Container AdamAPp, and Container AdamApp for Azure IoT are shown in the table below. As mentioned in Chapter 2.3.3, in Container AdamApp, the paths that can be obtained by ADAM_GetAppTmpDirPath are read-only areas. In addition, the directories that can be obtained by ADAM_GetAppTmpDirPath are shared with the host side (camera body). Therefore, when temporarily storing data that you do not want to be accessed from the host side, please use the area defined in the tmpfs section of docker-compose.yaml.

3. Development Procedure

3.1 Create a project

...