Is it possible to expose a USB device to an LXC/Docker container?

Question

I have an embedded system development image contained in a Docker file. In order to flash the code I need to connect to the nodes via USB Serial (e.g. /dev/ttyACM0).

With Docker I used the new bind mount feature to (see https://github.com/dotcloud/docker/issues/111, -b or more recently the -v option) to expose the hosts devfs to the container. However, whenever I connect ("cat /d/ttyACM0", d is the bind mount to dev) to the device I get "operation not permitted". Is it possible to not only bind mount, but actually use character devices in the container?

Would it be maybe even possible to expose specific devs via udev rules?

Answer 1

The --device option now allows exposing a /dev to a container, for example:

docker run -t -i --device=/dev/ttyUSB0 ubuntu bash

(I found from this Stack Overflow answer.)

Answer 2

At the current moment, this is not possible with Docker. However, we are working on a 'privilege' mode that would allow a container to access devices like USB or GPU.

Answer 3

While not possible via Docker itself (see previous answer) using lxc-cgroup directly on the running container seems to do the trick for me:

sudo lxc-cgroup -n 0dd4c652d0740e5ddb6f80e6f2ec2c52dd6435b22c8114c000c58ca9703ebc62 devices.allow "c 166:* rwm"

166 stands for ttyACM, the device class.

The Docker id needs to be the complete one (via Docker inspect "ID").