Adding ephemeral USB devices

I’m wanting to add Android devices via USB/ADB to my Docker containers. The recommended approach for devices is to use the --device /dev/bus/usb/xxx/xxx flag. However, since my Android devices come and go as I reboot them or put them into recovery mode, this approach will not work. Another approach is to bind the volume /dev/bus/usb from the host and make the container privileged, but then I no longer have the isolation that I need, as all devices will be available to all containers.

I recently came across the --device-cgroup-rule and thought that might be worth investigating, but I’m having a hard time thinking of how it would work (I’m no udev expert). I’m hoping the community will have any guidance on how to proceed.

I understand that I need to write a udev rule that monitors USB devices for events and triggers a “docker exec mknod $major $minor $path”. One sticking point is that when my Android devices go into recovery mode (for flashing new ROMs), the product ID changes and it also has no serial number. So, the only way to distinguish devices on the host is with their physical USB path (i.e. /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.1/2-1.1.3/2-1.1.3.1). However, I’m not sure what parameters to provide to --device-cgroup-rule.

Is this type of setup even possible with --device-cgroup-rule?
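
The udev-triggered "docker exec mknod" flow described in the post, as an added example that is not part of the original post: a helper script that maps the physical USB port from the event's DEVPATH to one container and creates or removes the device node there. The container names, port map, script path and rules file name are hypothetical, and it assumes each container was started with `--device-cgroup-rule='c 189:* rmw'` (189 is the Linux character major for USB device nodes).

```shell
#!/bin/sh
# Added example, not from the original post. Assumed udev rule
# (hypothetical file /etc/udev/rules.d/99-docker-usb.rules):
#   ACTION=="add|remove", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
#     RUN+="/usr/local/bin/docker-usb.sh"
# Assumed container start (hypothetical name):
#   docker run --device-cgroup-rule='c 189:* rmw' --name android-a ...

# Constructed mapping: physical port (last DEVPATH component) = container name.
PORT_MAP="2-1.1.3.1=android-a
2-1.1.4=android-b"

# Print the container assigned to the port at the end of a sysfs DEVPATH.
container_for_devpath() {
    port="${1##*/}"
    while IFS= read -r entry; do
        if [ "${entry%%=*}" = "$port" ]; then
            printf '%s\n' "${entry#*=}"
            return 0
        fi
    done <<EOF
$PORT_MAP
EOF
    return 1
}

# Build the command to run inside the container. Args: ACTION DEVNAME MAJOR MINOR
# Inputs are validated because the result is passed to "sh -c" below.
node_command() {
    case "$2" in
        /dev/bus/usb/[0-9][0-9][0-9]/[0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    case "$3:$4" in *[!0-9:]*|:*|*:) return 1 ;; esac
    case "$1" in
        add)    printf 'mkdir -p %s && mknod -m 660 %s c %s %s\n' "${2%/*}" "$2" "$3" "$4" ;;
        remove) printf 'rm -f %s\n' "$2" ;;
        *)      return 1 ;;
    esac
}

# Entry point: udev exports ACTION, DEVPATH, DEVNAME, MAJOR and MINOR to RUN programs.
if [ -n "${ACTION:-}" ] && [ -n "${DEVPATH:-}" ]; then
    name=$(container_for_devpath "$DEVPATH") || exit 0   # unassigned port: ignore
    cmd=$(node_command "$ACTION" "${DEVNAME:-}" "${MAJOR:-}" "${MINOR:-}") || exit 0
    docker exec "$name" sh -c "$cmd"
fi
```

The cgroup rule matches only device type and major:minor numbers, so `c 189:*` permits every USB node; the per-container separation in this sketch comes from which nodes the helper creates, keyed on the physical port rather than on product ID or serial number.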