Reference
There are a couple of options. You can use the --device
flag that use can use to access USB devices without --privileged
mode:
docker run -t -i --device=/dev/ttyUSB0 ubuntu bash
Alternatively, assuming your USB device is available with drivers working, etc. on the host in /dev/bus/usb
, you can mount this in the container using privileged mode and the volumes option. For example:
docker run -t -i --privileged -v /dev/bus/usb:/dev/bus/usb ubuntu bash
Note that as the name implies, --privileged
is insecure and should be handled with care.
If you would like to dynamically access USB devices which can be plugged in while the docker container is already running, for example access a just attached usb webcam at /dev/video0, you can add a cgroup rule when starting the container. This option does not need a –privileged container and only allows access to specific types of hardware.
Step 1
Check the device major number of the type of device you would like to add. You can look it up in the linux kernel documentation. Or you can check it for your device. For example to check the device major number for a webcam connected to /dev/video0, you can do a ls -la /dev/video0
. This results in something like:
crw-rw----+ 1 root video 81, 0 Jul 6 10:22 /dev/video0
Where the first number (81) is the device major number. Some common device major numbers:
- 81: usb webcams
- 188: usb to serial converters
Step 2
Add rules when you start the docker container:
- Add a
-device-cgroup-rule='c major_number:* rmw'
rule for every type of device you want access to - Add access to udev information so docker containers can get more info on your usb devices with
v /run/udev:/run/udev:ro
- Map the /dev volume to your docker container with
v /dev:/dev
Wrap up
So to add all usb webcams and serial2usb devices to your docker container, do:
docker run -it -v /dev:/dev --device-cgroup-rule='c 188:* rmw' --device-cgroup-rule