Hi everyone! I have an application deployed with a Docker Compose file that uses webcams. Historically, my service has run as root with
privileged: true, which has allowed me to access all webcams on the user’s device without a problem. Now I’m trying to be a more responsible service by running as a normal user in the container, but in doing so I’ve lost access to the
/dev/video* devices. My first inclination was to add my container user to the
video group with
group_add, but this appears not to be portable because different distributions assign the
video group to different group IDs.
For example, in my Arch Linux host environment:
$ cat /etc/group | grep "video" video:x:986:velovix
But in an ubuntu:18.04 container:
$ cat /etc/group | grep "video" video:x:44:
This is problematic because the
/dev/video* files that are added to the container maintain the group IDs from the host environment.
$ ls -l /dev/video0 crw-rw---- 1 root 986 81, 0 May 4 23:51 /dev/video0
Does anyone know of a portable way to grant my non-root container user access to these webcam devices?