The following is a fully configured docker run command for reference. Most setups won't need every flag or mount, but this covers the full range of hardware configurations you may encounter.
The example below corresponds to a config with 1 robot, 2 ZedX Mini (GMSL) cameras**, and 1 RealSense AI D435** camera on a 6dof actuated neck. The robot uses ROS for real-time control over a specified domain ID, with CycloneDDS as the middleware.
docker run -it --rm \\
--name sentinel-runtime-1 \\
--privileged \\
--network host \\
--runtime nvidia \\
--gpus all \\
--group-add video \\
--group-add plugdev \\
$(getent group render >/dev/null && echo "--group-add $(getent group render | cut -d: -f3)") \\
$(getent group i2c >/dev/null && echo "--group-add $(getent group i2c | cut -d: -f3)") \\
-v /dev:/dev \\
-v /tmp:/tmp \\
-v sentinel-zed-models:/usr/local/zed/resources \\
-v "$HOME/datasets:/datasets" \\
-v "$HOME/teleop_ws/cyclonedds.xml:/cyclonedds.xml:ro" \\
-v "$HOME/telwop_ws/robot.yaml:/config/robot.yaml:ro" \\
-v "$HOME/teleop_ws/.xlerobot_neck_calibration.json:/config/neck_calibration.json" \\
-e NVIDIA_VISIBLE_DEVICES=all \\
-e NVIDIA_DRIVER_CAPABILITIES=all \\
-e RMW_IMPLEMENTATION=rmw_cyclonedds_cpp \\
-e ROS_DOMAIN_ID=1 \\
-e CYCLONEDDS_URI="/cyclonedds.xml" \\
$AVEA_SENTINEL_REGISTRY/sentinel-runtime:${VERSION}-${PLATFORM}
--privileged Grants full hardware access permissions, including the /dev directory.--network host Uses the host's network stack. Required for robots that communicate over LAN.--runtime nvidia Injects Nvidia drivers and libraries into the container via the Nvidia Container Toolkit.--gpus all Not strictly required, but some x86 platforms will complain without it.--group-add video Grants access to the video group for USB/UVC cameras (RealSense, ZED 2).--group-add plugdev Allows camera SDKs to detect and dynamically mount new devices inside the container.The following snippet conditionally adds the render and i2c groups only if they exist on the host:
$(getent group render >/dev/null && echo "--group-add $(getent group render | cut -d: -f3)") \\
$(getent group i2c >/dev/null && echo "--group-add $(getent group i2c | cut -d: -f3)") \\
These are required for ZedX cameras — without them, the ZED SDK cannot reliably access the GPU for GMSL deserialization. The i2c group doesn't exist on most x86 systems, so the conditional check ensures the flag is only added when the group is present
-v /dev:/dev Redundant with --privileged in most cases, but safer to include explicitly.-v /tmp:/tmp Required for the ZED SDK to connect to the host's ZedX daemon via /tmp/argus_socket.-v "$HOME/datasets:/datasets" Maps the host datasets directory to /datasets inside the container. If the directory doesn't exist, our internal entrypoint will create it and fix permissions automatically.-v "$HOME/teleop_ws/cyclonedds.xml:/cyclonedds.xml:ro" Sentinel supports both CycloneDDS and FastDDS. Mount a middleware config here to pin traffic to a specific network interface or configure discovery. FastDDS profiles can be mounted at /fastdds_profile.xml.-v ".../robot.yaml:/config/robot.yaml:ro" Maps your robot config file.-v sentinel-zed-models:/usr/local/zed/resources Creates (if doesn't already exist) a named docker volume to store optimized Zed Depth models.
-v /usr/local/zed/resources:usr/local/zed/resources and share all optimized models!