After setting up rootless Docker as described here, I am trying to use a bluetooth USB dongle from inside a container. I confirmed that the dongle works on the host and I can run hcitool -i hci0 lescan successfully (with the root user). From numerous posts around the internet, it seems that the container must be started with a combination of the following options:
- --net=host
- --privileged
- with capability NET_ADMIN
- with capability NET_RAW
- with capability SYS_ADMIN
Note that I am using Portainer, but the equivalent CLI command used would be docker run -ti --privileged --net=host --cap-add=NET_ADMIN --cap-add=NET_RAW --cap-add=SYS_ADMIN --name bletest ubuntu:latest /bin/bash. So, I started the container with all these options - however, I get the following errors trying to access the device:
root@srv:/# service dbus status
* dbus is running
root@srv:/# hciconfig hci0
Can't open HCI socket.: Address family not supported by protocol
root@srv:/# /usr/lib/bluetooth/bluetoothd -d -n
bluetoothd[790]: Bluetooth daemon 5.53
bluetoothd[790]: src/main.c:parse_config() parsing /etc/bluetooth/main.conf
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “DiscoverableTimeout” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “AlwaysPairable” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “PairableTimeout” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “Privacy” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “Name” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “Class” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “DeviceID” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “ReverseServiceDiscovery” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have group “GATT”
bluetoothd[790]: src/main.c:parse_config() Key file does not have group “GATT”
bluetoothd[790]: src/main.c:parse_config() Key file does not have group “GATT”
bluetoothd[790]: Failed to access management interface
bluetoothd[790]: Adapter handling initialization failed
Running with -v /var/lib/bluetooth -v /sys/fs/cgroup:/sys/fs/cgroup:ro from here:
root@srv:/# ls -lah /var/lib/bluetooth/00\:02\:72\:CD\:0B\:0B/
ls: cannot open directory '/var/lib/bluetooth/00:02:72:CD:0B:0B/': Permission denied
The last command works on the host, which leads me to suspect some permission error still. Is there any further option that I can set to allow using the Bluetooth dongle from the container?
Note that I uninstalled bluez from the host after testing the device since I read here that it might get blocked from the host if accessed by some bluetooth services. Afterwards I also made sure to reconnect the dongle physically.
EDIT: Also note that (now) I added the Docker user (dkr) on the host system to the bluetooth and netdev (the latter did not exist, so I created it) groups. I confirmed that the host user can use bluetoothctl to scan for devices (scan on/off). However, the user is still not permitted to run hcitool lescan for some reason.
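
Added example, not part of the original post: a Python check to run inside the container that decodes which of the three capabilities named above are effective and whether the process sits in a user namespace, as it does under rootless Docker, where capabilities apply only to resources owned by that namespace. The sample /proc contents and the host UID 1001 are constructed; the function names are hypothetical.

```python
"""Inspect what --privileged / --cap-add actually granted inside a container.
Added illustration; the sample /proc contents below are constructed."""
import errno
import socket

# Capability bit numbers from linux/capability.h
CAPS = {"NET_ADMIN": 12, "NET_RAW": 13, "SYS_ADMIN": 21}

def effective_caps(status_text):
    """Return {cap_name: bool} decoded from the CapEff line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return {name: bool((mask >> bit) & 1) for name, bit in CAPS.items()}
    raise ValueError("no CapEff line found")

def in_user_namespace(uid_map_text):
    """True unless uid_map is the identity mapping of the initial user namespace."""
    rows = [tuple(map(int, l.split())) for l in uid_map_text.splitlines() if l.strip()]
    return rows != [(0, 0, 4294967295)]

def probe_hci_socket():
    """Try to open a raw HCI socket; return None on success, else the errno name.
    The post's 'Address family not supported by protocol' is EAFNOSUPPORT."""
    if not (hasattr(socket, "AF_BLUETOOTH") and hasattr(socket, "BTPROTO_HCI")):
        return "NO_PYTHON_SUPPORT"
    try:
        socket.socket(socket.AF_BLUETOOTH, socket.SOCK_RAW, socket.BTPROTO_HCI).close()
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))

def report(status_text, uid_map_text):
    caps = effective_caps(status_text)
    userns = in_user_namespace(uid_map_text)
    # Capabilities held inside a user namespace are not host-root privileges.
    return {"caps": caps, "user_namespace": userns,
            "caps_apply_to_host": all(caps.values()) and not userns}

# Constructed samples: full capability set, but uid 0 mapped to host uid 1001 (rootless)
SAMPLE_STATUS = "Name:\tbash\nCapEff:\t000001ffffffffff\n"
SAMPLE_UID_MAP = "         0       1001          1\n         1     100000      65536\n"

if __name__ == "__main__":
    print(report(SAMPLE_STATUS, SAMPLE_UID_MAP))
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as u:
        print(report(s.read(), u.read()), "hci socket:", probe_hci_socket())
```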