Accessing host devices from inside a Docker container - ARMmbed/connectedhomeip GitHub Wiki
Using --privileged flag
With this flag, the container gets access, with all capabilities, to all the devices connected to the host (everything under /dev/).
However, privileged mode breaks isolation between the host and the container, which is risky: the container will have access to other critical resources of the host system, even including running as full host root.
Another disadvantage is that the container will only have access to the devices that existed when the container was created. This means a device will not be available in the container if it was disconnected and reconnected on the host during container runtime.
Using --device or --device-cgroup-rule flags
The --device flag will expose a single device (/dev/ttyACM0) or a group of devices (/dev/bus/).
Example: --device /dev/ttyACM0
The --device-cgroup-rule flag allows specifying a more general rule for accessing a wider range of devices. In the same way, it can be used to limit access to only some devices.
To use this flag, before creating the container we need to know the major and minor numbers of the device which we want the container to have access to.
Example: --device-cgroup-rule 'a 189:* rmw'
In both cases, exposed devices will be accessible from the container only if they were connected during container creation.
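The major and minor numbers that --device-cgroup-rule needs can be read from the device node itself. The helper below is an added example, not part of the original wiki page; the function name device_cgroup_rule and its arguments are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: derive a --device-cgroup-rule value from a device node.
# device_cgroup_rule PATH [PERMS] [exact|all-minors]
#   PERMS: any of r (read), w (write), m (mknod); default "rw", so mknod
#          is only granted when asked for.
#   all-minors: emit MAJOR:* so every device with that major number matches.
device_cgroup_rule() {
    dev=$1
    perms=${2:-rw}
    scope=${3:-exact}

    case $perms in
        ''|*[!rwm]*)
            echo "error: permissions must be drawn from r, w, m" >&2
            return 1 ;;
    esac

    # Take the type from the node itself instead of using the all-types "a".
    if [ -c "$dev" ]; then
        type=c
    elif [ -b "$dev" ]; then
        type=b
    else
        echo "error: $dev is not a character or block device" >&2
        return 1
    fi

    # GNU stat prints the major (%t) and minor (%T) numbers in hex.
    nums=$(stat -L -c '%t %T' "$dev") || return 1
    major=$((0x${nums% *}))
    minor=$((0x${nums#* }))
    if [ "$scope" = all-minors ]; then
        minor='*'
    fi

    printf '%s %s:%s %s\n' "$type" "$major" "$minor" "$perms"
}

# Usage on a host where the board is attached (path taken from the page,
# <image> is a placeholder):
#   docker run --device-cgroup-rule "$(device_cgroup_rule /dev/ttyACM0 rw all-minors)" <image>
```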
Mounting the devices as a volume
Instead of using the --device flag, a device or a devices directory can be mounted directly as a volume. With this approach all changes in the mounted directory will be visible in the container, which means device reconnecting will now work.
Example: -v /dev/bus/usb:/dev/bus/usb
All of the above solutions will work on Linux and probably on OS X systems.
Please keep in mind that even if the whole /dev/ directory is mapped into the Docker container, there is still a problem with udev support and with mounting USB MSD directories during container runtime.
For debugging purposes this should be fine as long as the debug probe used is based on a raw USB device in the /dev/bus/usb/ directory.
Using usbip with Docker port forwarding
From the USB/IP site:
USB/IP Project aims to develop a general USB device sharing system over IP network. To share USB devices between computers with their full functionality, USB/IP encapsulates "USB I/O messages" into TCP/IP payloads and transmits them between computers.
usbip looks like a great candidate to solve some problems with sharing USB devices between the host system and Docker containers. We don't have to bother with mounting multiple host system directories or creating device cgroup.
However, to support usbip on the client (container) side, the vhci-hcd kernel module has to be loaded, which is only possible if the container was started with privileged mode enabled. Even if we decide to use privileged mode and load the vhci-hcd module, there is still a problem with limited udev support on the container side, or with creating a special script on the host to set up the mbed boards' USB to work with usbip. An open question is dynamic device connecting/disconnecting during container runtime.
Finally, usbip is only available on Linux, which means OS X or Windows users will have to deal with usbip ports specific to their systems (e.g. usbip-win for Windows).