Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add --device flag to allow additional host devices in container 

We add a --device flag which can be used like:

 docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash

To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.

Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
This commit is contained in:
Timothy 2014-05-31 04:00:47 +00:00 committed by Tibor Vass
parent 316fa6a218
commit 57b53e22fe
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/sources/reference/commandline/cli.md
View File

@ -946,6 +946,7 @@ removed before the image is removed.
-u, --user="" Username or UID -u, --user="" Username or UID
-v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container) -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container)
--volumes-from=[] Mount volumes from the specified container(s) --volumes-from=[] Mount volumes from the specified container(s)
--device=[] Add a host device to the container (e.g. --device=/dev/sdc[:/dev/xvdc[:rwm]])
-w, --workdir="" Working directory inside the container -w, --workdir="" Working directory inside the container
The `docker run` command first `creates` a writeable container layer over the The `docker run` command first `creates` a writeable container layer over the
@ -1122,6 +1123,20 @@ logs could be retrieved using `docker logs`. This is
useful if you need to pipe a file or something else into a container and useful if you need to pipe a file or something else into a container and
retrieve the container's ID once the container has finished running. retrieve the container's ID once the container has finished running.
$ sudo docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo}
brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc
brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd
crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo
It is often necessary to directly expose devices to a container. ``--device``
option enables that. For example, a specific block storage device or loop
device or audio device can be added to an otherwise unprivileged container
(without the ``--privileged`` flag) and have the application directly access it.
** Security note: **
``--device`` cannot be safely used with ephemeral devices. Block devices that may be removed should not be added to untrusted containers with ``--device``!
**A complete example:** **A complete example:**
$ sudo docker run -d --name static static-web-files sh $ sudo docker run -d --name static static-web-files sh