Hello Proxmox Community,
I am facing a persistent issue with `ffmpeg` running inside both LXC containers and VMs on a fresh Proxmox installation with a very new kernel. I would be grateful for any insights or suggestions.
**Summary of the Problem:**
When `ffmpeg` (running inside a Docker container, as part of the Frigate NVR application) tries to access a local RTSP camera stream, it fails with an "Operation not permitted" error. The crucial detail is that other network tools, like `curl`, running from within the exact same container, can successfully connect to the camera's RTSP port. This issue occurs identically in both privileged LXC containers and a full KVM virtual machine, suggesting a host-level problem.
---
**Host Environment Details:**
* **Proxmox VE Version:** pve-manager/9.0.10/deb1ca707ec72a89
* **Kernel Version:** 6.14.11-3-pve
* **CPU:** Intel N100 (with integrated iGPU)
* **Guest Environments Tested:** Debian 12 LXC (privileged), Debian 12 KVM VM.
---
**The Core Error (from `ffmpeg`):**
The `ffmpeg` process crashes repeatedly with the following error, regardless of other configuration changes:
```
[in#0 @ 0x5be9164c71c0] Error opening input: Operation not permitted
Error opening input file rtsp://*:*@192.168.1.106/ch0_0.h264.
Error opening input files: Operation not permitted
```
---
**Troubleshooting Steps Completed:**
I have gone through an extensive troubleshooting process to isolate the cause.
**1. Network Verification (All tests performed from *inside* the guest container/VM):**
* **Basic Connectivity:** `ping 8.8.8.8` -> SUCCESS.
* **DNS Resolution:** `ping google.com` -> SUCCESS.
* **RTSP Port Connection:** `curl -v rtsp://*:*@192.168.1.106` -> SUCCESS. The camera responds with `RTSP/1.0 200 OK`. This proves the network path is open and not blocked by a firewall.
* **Camera Stream URL:** The URL `rtsp://*:*@192.168.1.106/ch0_0.h264` has been verified and works perfectly in VLC Media Player from another machine on the same network.
**2. Guest & Software Configuration:**
* **LXC Privileges:** Tested with both unprivileged (`--unprivileged 1`) and privileged (`--unprivileged 0`) containers. The error is identical.
* **AppArmor:** Disabled the AppArmor profile for the LXC container (`lxc.apparmor.profile: unconfined`). The error persists.
* **Docker Image:** Tested with multiple official Frigate image tags from `ghcr.io`, including `:stable` and specific versions like `:0.15.1`. The error is identical.
* **Frigate Config:** The `config.yml` has been validated and is known to be correct. The error occurs even with a minimal configuration.
**3. Hardware Acceleration & Driver-Specific Tests:**
* **Disabled HW Accel:** When all hardware acceleration is disabled in Frigate (forcing CPU-only decoding), the `Operation not permitted` error still occurs. This suggests the issue is not with the iGPU/VA-API drivers themselves, but with a more fundamental network operation in `ffmpeg`.
* **Forced VA-API Drivers:** Tried forcing specific VA-API drivers (`i965` and `iHD`) via the `LIBVA_DRIVER_NAME` environment variable. This had no effect on the final error.
* **Explicit `ffmpeg` Params:** Used explicit `hwaccel_args` to define the vaapi device, which also did not resolve the issue.
---
**Question:**
I have reached the limit of my troubleshooting knowledge. The central mystery is why `curl` can successfully connect to the camera's RTSP port from within the container, while `ffmpeg` (in the same container) gets an "Operation not permitted" error when trying to access the exact same URL.
I am looking for any ideas or suggestions on what could cause this discrepancy. Are there any other diagnostic steps I could take to pinpoint the cause of this `Operation not permitted` error, or any known quirks with this setup?
Thank you for your time and any help you can provide.