Host owner:group not honored in container for devices in Docker CE 17.12.1 #36628

@tobbenb

Description
When passing through a device with the device tag --device=, the host user:group is not honored in the container. It's changed to root:root regardless of what is set for the device on the host.
This doesn't happen in 17.12.0.
The problem happens on both Ubuntu 16.04.04 LTS and unRAID 6.5 (Linux 4.14.26-unRAID x86_64). They use different kernel versions, so the problem is in Docker, as verified by installing different versions.

These are the permissions on the host:

saarg@UbuntuVMDev:~$ ls -la /dev/ttyUSB0
crw-rw---- 1 root dialout 188, 0 mars  18 15:41 /dev/ttyUSB0

These are the permissions in the container on 17.12.1:

saarg@UbuntuVMDev:~$ docker exec -it oscam bash
root@9e49a208106c:/$ ls -la /dev/ttyUSB0 
crw-rw---- 1 root root 188, 0 Mar 18 15:07 /dev/ttyUSB0

Steps to reproduce the issue:

  1. Install Docker CE 17.12.1
  2. Create a container with a passed-through device that is not owned by root:root

docker run -d --name=oscam -v /home/saarg/config/:/config -e PGID=1000 -e PUID=1000 -p 8888:8888 --device=/dev/ttyUSB0 linuxserver/oscam

Describe the results you received:

saarg@UbuntuVMDev:~$ docker exec -it oscam bash
root@9e49a208106c:/$ ls -la /dev/ttyUSB0 
crw-rw---- 1 root root 188, 0 Mar 18 15:07 /dev/ttyUSB0

Describe the results you expected:

saarg@UbuntuVMDev:~$ ls -la /dev/ttyUSB0
crw-rw---- 1 root dialout 188, 0 mars  18 15:41 /dev/ttyUSB0

Additional information you deem important (e.g. issue happens only occasionally):
In my example I'm using a USB smartcard reader passed through to the linuxserver/oscam container, but you can pass through a DVB card, GPU or other device to a container and get the same result.

Output of docker version:

saarg@UbuntuVMDev:~$ docker version
Client:
 Version:	17.12.1-ce
 API version:	1.35
 Go version:	go1.9.4
 Git commit:	7390fc6
 Built:	Tue Feb 27 22:17:40 2018
 OS/Arch:	linux/amd64

Server:
 Engine:
  Version:	17.12.1-ce
  API version:	1.35 (minimum version 1.12)
  Go version:	go1.9.4
  Git commit:	7390fc6
  Built:	Tue Feb 27 22:16:13 2018
  OS/Arch:	linux/amd64
  Experimental:	false

Output of docker info:

saarg@UbuntuVMDev:~$ docker info
Containers: 6
 Running: 1
 Paused: 0
 Stopped: 5
Images: 20
Server Version: 17.12.1-ce
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 61
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-59-generic
Operating System: Ubuntu 16.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859GiB
Name: UbuntuVMDev
ID: MZ4C:VHPR:JLKH:AG4E:GZOK:O2ZG:3BET:4KGH:VRWJ:PZRF:NB6A:42ZD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):
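
A check for the symptom reported above, as an added example that is not part of the original issue or Docker's code: it compares `ls -ln` lines (numeric uid:gid) for the same device from the host and from the container, because group names can resolve differently on each side. The function names and the sample lines (including gid 20 for dialout) are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a device node whose mode, numeric owner or
# major/minor differs between the host and a container.

# Constructed sample `ls -ln` lines (not captured from a real system).
HOST_LINE='crw-rw---- 1 0 20 188, 0 Mar 18 15:41 /dev/ttyUSB0'
CTR_GOOD='crw-rw---- 1 0 20 188, 0 Mar 18 15:07 /dev/ttyUSB0'
CTR_BAD='crw-rw---- 1 0 0 188, 0 Mar 18 15:07 /dev/ttyUSB0'

# dev_fields LINE
# Prints "mode uid:gid major,minor" for one `ls -ln` line describing a
# character or block device; returns 1 for any other kind of line.
dev_fields() {
    set -f          # no globbing while the line is split into words
    set -- $1       # $1=mode $2=links $3=uid $4=gid $5="major," $6=minor
    set +f
    case $1 in
        [cb]*) ;;
        *) return 1 ;;
    esac
    printf '%s %s:%s %s%s\n' "$1" "$3" "$4" "$5" "$6"
}

# compare_dev HOST_LINE CONTAINER_LINE
# Returns 0 when both sides agree, 1 on a mismatch, 2 on unusable input.
# Timestamps and link counts are ignored on purpose.
compare_dev() {
    host=$(dev_fields "$1") || { echo "host: not a device line" >&2; return 2; }
    ctr=$(dev_fields "$2") || { echo "container: not a device line" >&2; return 2; }
    if [ "$host" = "$ctr" ]; then
        echo "match: $host"
        return 0
    fi
    echo "MISMATCH host=[$host] container=[$ctr]"
    return 1
}

# Demo on the constructed lines; the second call reports the mismatch.
compare_dev "$HOST_LINE" "$CTR_GOOD"
compare_dev "$HOST_LINE" "$CTR_BAD" || true

# Live use, with the device and container name from the report above:
#   compare_dev "$(ls -ln /dev/ttyUSB0)" \
#               "$(docker exec oscam ls -ln /dev/ttyUSB0)"
```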

Labels: area/runtime, kind/bug, version/17.12