
I know a similar question has already been answered, and I studied it diligently. I believe I have tried nearly all possible combinations, without success:

sudo docker run --device /dev/ttyAMA0:/dev/ttyAMA0 --device /dev/mem:/dev/mem --device /dev/gpiomem:/dev/gpiomem --privileged my_image_name /bin/bash

I have also referred to the docker manual and also tried with --cap-add=SYS_ADMIN

sudo docker run --cap-add=SYS_ADMIN --device /dev/ttyAMA0:/dev/ttyAMA0 --device /dev/mem:/dev/mem --device /dev/gpiomem:/dev/gpiomem --privileged my_image_name /bin/bash

I also tried combinations with volumes: -v /sys:/sys

But I still get failed access to devices, due to Permission denied.

I have checked that the devices that may be needed exist and that I can read them.

I am wasted. What am I still doing wrong? Is it that I must run my app inside the container as root? How in the world? :D

Sold Out

1 Answer

You're running commands in the container as appuser, while the device files are owned by root with various group permissions and no world access (crw-rw---- and crw-r-----). Those groups may look off because /etc/groups inside the container won't match the host, and what passes through to the container is the uid/gid, not the user/group name. The app itself appears to expect you are running as root and even suggests sudo. That sudo is not on the docker command itself (though you may need that if your user on the host is not a member of the docker group) but on the process started inside the container:

docker run --user root --privileged my_image_name /bin/bash

Realize that this is very insecure, so make sure you trust the process inside the container as if it was running as root on the host outside of the container, because it has all the same access.

BMitch
  • A breakthrough! Bingo! Thank you especially for the thorough analysis. Makes sense :) – Sold Out Jun 07 '21 at 13:19
  • Thanks again! Though I am the author of the app in the container, I am also able to run it with more constrained security settings: docker run --user root --device /dev/gpiomem:/dev/gpiomem the_image_name_or_id – Sold Out Jun 07 '21 at 15:20
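
The answer's point that only the numeric uid/gid and the mode bits cross into the container can be checked from inside it. The script below is an added example, not part of the original answer or comments; the function names `can_rw` and `report` are hypothetical, `stat -c` is assumed to be the GNU/BusyBox form, and `--group-add` is a standard `docker run` flag that the thread itself does not mention.

```shell
#!/bin/sh
# Added example: owner/group/other check on numeric ids, which is all the
# container sees of the host's device nodes. Mode bits are one layer; the
# device cgroup allowlist that --device opens is a separate one.

# can_rw MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS" -> 0 if read+write allowed
can_rw() {
    perm=$((0$1)); ouid=$2; ogid=$3; puid=$4; pgids=$5
    # uid 0 bypasses mode bits while it holds CAP_DAC_OVERRIDE (assumed not dropped)
    if [ "$puid" -eq 0 ]; then return 0; fi
    if [ "$puid" -eq "$ouid" ]; then
        bits=$(( (perm >> 6) & 7 ))          # owner class only
    else
        bits=$(( perm & 7 ))                 # "other" unless a gid matches
        for g in $pgids; do
            if [ "$g" -eq "$ogid" ]; then bits=$(( (perm >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 6 )) -eq 6 ]
}

# report DEV...: run inside the container as the image's user.
report() {
    for dev in "$@"; do
        if [ ! -e "$dev" ]; then
            echo "$dev: absent (not passed with --device?)"; continue
        fi
        read -r dm du dg <<EOF
$(stat -c '%a %u %g' "$dev")
EOF
        if can_rw "$dm" "$du" "$dg" "$(id -u)" "$(id -G)"; then
            verdict="read/write ok"
        elif can_rw "$dm" "$du" "$dg" "$(id -u)" "$dg"; then
            verdict="denied; group bits would allow it (docker run --group-add $dg)"
        else
            verdict="denied; group membership would not help"
        fi
        echo "$dev mode=$dm uid=$du gid=$dg -> $verdict"
    done
}

# Only acts when device paths are given, e.g.: sh check.sh /dev/gpiomem
if [ "$#" -gt 0 ]; then report "$@"; fi
```

Where the verdict shows that the group bits suffice, adding that numeric gid to a non-root container user is a narrower grant than `--user root`.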