Docker Community Forums

Device ACL not visible in docker container

Just as a reference, I posted here first but it didn’t attract much interest: https://stackoverflow.com/questions/63725623/device-acl-not-visible-in-docker-container

I have a serial device which I get access to through an ACL, which can be seen on the host OS:

fgervais@fgervais-System-Product-Name:~$ getfacl /dev/ttyUSB3 
getfacl: Removing leading '/' from absolute path names
# file: dev/ttyUSB3
# owner: root
# group: dialout
user::rw-
user:fgervais:rw-
group::rw-
mask::rw-
other::---

I then map it in a container:

docker run --rm -it -v $(pwd):/project -w /project --user $(id -u):$(id -g) -v /etc/group:/etc/group -v /etc/passwd:/etc/passwd --device /dev/ttyUSB3:/dev/ttyUSB3 espressif/idf:v3.3.2 bash

However, inside the container I don’t have access anymore:

fgervais@caee53c47877:/project$ id
uid=1000(fgervais) gid=1000(fgervais) groups=1000(fgervais)

fgervais@caee53c47877:/project$ getfacl /dev/ttyUSB3 
getfacl: Removing leading '/' from absolute path names
# file: dev/ttyUSB3
# owner: root
# group: dialout
user::rw-
group::rw-
other::---

Does anyone know why?

In addition to Docker’s standard plugin registration method, each plugin should implement the following two methods:

/AuthZPlugin.AuthZReq This authorize request method is called before the Docker daemon processes the client request.

/AuthZPlugin.AuthZRes This authorize response method is called before the response is returned from Docker daemon to the client.

/AuthZPlugin.AuthZReq

Request:

{
    "User": "The user identification",
    "UserAuthNMethod": "The authentication method used",
    "RequestMethod": "The HTTP method",
    "RequestURI": "The HTTP request URI",
    "RequestBody": "Byte array containing the raw HTTP request body",
    "RequestHeader": "Byte array containing the raw HTTP request header as a map[string]string"
}

Response:

{
    "Allow": "Determined whether the user is allowed or not",
    "Msg": "The authorization message",
    "Err": "The error message if things go wrong"
}

/AuthZPlugin.AuthZRes

Request:

{
    "User": "The user identification",
    "UserAuthNMethod": "The authentication method used",
    "RequestMethod": "The HTTP method",
    "RequestURI": "The HTTP request URI",
    "RequestBody": "Byte array containing the raw HTTP request body",
    "RequestHeader": "Byte array containing the raw HTTP request header as a map[string]string",
    "ResponseBody": "Byte array containing the raw HTTP response body",
    "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string]string",
    "ResponseStatusCode": "Response status code"
}

Response:

{
    "Allow": "Determined whether the user is allowed or not",
    "Msg": "The authorization message",
    "Err": "The error message if things go wrong"
}
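
Added example, not part of the thread and not Docker's own code: a sketch of the decision an /AuthZPlugin.AuthZReq handler could make for the kind of `--device` mapping used in the question, denying container-create requests that map host devices outside an allowlist. The function names, the allowlist, the API version in the URI and the sample payloads are assumptions constructed for illustration; the HTTP listener and plugin registration are left out.

```python
import base64
import json
import re

# Assumption for this example: only these host devices may be mapped into containers.
ALLOWED_DEVICES = {"/dev/ttyUSB3"}
# Matches the container-create endpoint with or without an API version prefix.
CREATE_URI = re.compile(r"^(/v[0-9.]+)?/containers/create(\?.*)?$")


def authz_req(req: dict) -> dict:
    """Decide one /AuthZPlugin.AuthZReq call and return the Allow/Msg/Err response."""
    if req.get("RequestMethod") != "POST" or not CREATE_URI.match(req.get("RequestURI", "")):
        return {"Allow": True, "Msg": "not a container create request", "Err": ""}
    try:
        # RequestBody is a byte array, so it arrives base64-encoded inside the JSON.
        body = json.loads(base64.b64decode(req.get("RequestBody") or "", validate=True))
        devices = (body.get("HostConfig") or {}).get("Devices") or []
        denied = sorted({d["PathOnHost"] for d in devices} - ALLOWED_DEVICES)
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        # Fail closed: a body that cannot be parsed is denied, not waved through.
        return {"Allow": False, "Msg": "unparseable create request", "Err": str(exc)}
    if denied:
        user = req.get("User") or "<unauthenticated>"
        return {"Allow": False, "Msg": f"{user} may not map {', '.join(denied)}", "Err": ""}
    return {"Allow": True, "Msg": "device mappings permitted", "Err": ""}


def make_create_request(user: str, device_paths: list) -> dict:
    """Build a constructed AuthZReq payload for POST /containers/create."""
    body = {"Image": "espressif/idf:v3.3.2",
            "HostConfig": {"Devices": [{"PathOnHost": p, "PathInContainer": p,
                                        "CgroupPermissions": "rwm"} for p in device_paths]}}
    return {"User": user, "UserAuthNMethod": "TLS", "RequestMethod": "POST",
            "RequestURI": "/v1.40/containers/create",
            "RequestBody": base64.b64encode(json.dumps(body).encode()).decode()}


if __name__ == "__main__":
    # Constructed sample requests: one allowed mapping, one with an extra block device.
    for devs in (["/dev/ttyUSB3"], ["/dev/ttyUSB3", "/dev/sda"]):
        print(devs, "->", authz_req(make_create_request("fgervais", devs)))
```

This check covers only `HostConfig.Devices`; a policy meant to restrict device access would also need to look at `Privileged` and at bind mounts of paths under `/dev`.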

Is this reply here by mistake?