I have been trying to access a block storage device of the host system from a Docker container through a bind mount. I am getting an ‘Operation not permitted’ error.
Is there anything that I’m missing here:
# ls -l /dev/sdb
brw-rw---- 1 root disk 8, 16 Sep 3 00:52 /dev/sdb
#
# dd if=/dev/zero of=/dev/sdb bs=1M
16005+0 records in
16005+0 records out
16782458880 bytes (17 GB) copied, 12.4396 s, 1.3 GB/s
#
#
# docker container run --name c1 -it --mount type=bind,source=/dev/sdb,target=/data centos
/# ls -l /data
brw-rw---- 1 root disk 8, 16 Sep 3 06:52 /data
/#
/#
/# dd if=/dev/zero of=/data bs=1M
dd: failed to open '/data': Operation not permitted
/#
2 Answers
You should use the --device flag to pass any kind of device to a container. The doc isn’t the most complete on this feature, but it’s simple enough; something like
docker container run --name c1 -it --device=/dev/sdb centos
should work fine. Of course, you’ll then have to mount it inside your container onto /data.

For a hardware device, you will need to give capabilities to the container to operate the device. There are 2 options here:
Option 1: Use privileged
See Full container capabilities (--privileged):
Option 2: Use --device
See Add host device to container (--device):
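
Added example, not part of the original thread: a Python audit over docker inspect JSON that reports which of the three approaches discussed here (bind-mounted device node, --device, --privileged) each container uses, so over-broad device access can be spotted. The sample data and the container names c2 and c3 are constructed; the field names are those docker inspect emits.

```python
import json

# Constructed sample: trimmed `docker inspect` output, one container per
# approach on this page (c2 and c3 are hypothetical names, not from the thread).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/c1", "HostConfig": {"Privileged": false, "Devices": []},
  "Mounts": [{"Type": "bind", "Source": "/dev/sdb", "Destination": "/data"}]},
 {"Name": "/c2", "HostConfig": {"Privileged": false, "Devices": [
   {"PathOnHost": "/dev/sdb", "PathInContainer": "/dev/sdb",
    "CgroupPermissions": "rwm"}]}, "Mounts": []},
 {"Name": "/c3", "HostConfig": {"Privileged": true, "Devices": []},
  "Mounts": []}
]
""")


def audit_container(entry):
    """Return findings on how one container can reach host device nodes."""
    findings = []
    host_cfg = entry.get("HostConfig") or {}
    devices = host_cfg.get("Devices") or []
    privileged = bool(host_cfg.get("Privileged"))
    if privileged:
        # --privileged lifts the device restrictions for every host device.
        findings.append("privileged: all host devices are reachable")
    for dev in devices:
        perms = dev.get("CgroupPermissions", "")
        # --device defaults to "rwm" (read, write, mknod); flag more than read.
        if set(perms) & {"w", "m"}:
            findings.append(f"device {dev.get('PathOnHost')}: '{perms}' allows write/mknod")
    allowed = {dev.get("PathOnHost") for dev in devices}
    for mnt in entry.get("Mounts") or []:
        src = mnt.get("Source", "")
        # The question's case: the node is visible, but nothing grants access to it.
        if (mnt.get("Type") == "bind" and src.startswith("/dev/")
                and not privileged and src not in allowed):
            findings.append(f"bind mount of {src}: no --device grant, open is denied")
    return findings


def audit(inspect_data):
    """Map container name to its findings for a parsed `docker inspect` list."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_data}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or ["no host device exposure found"])
```

On a real host, pass audit() the parsed JSON printed by docker inspect for the containers of interest. A device passed with read-only permissions, for example --device=/dev/sdb:/dev/sdb:r, produces no finding.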