
do not use --privileged mode

Open bedrin opened this issue 4 years ago • 1 comments

We can map the following devices instead (either with --device or with --device AND --volume): /dev/input /dev/console /dev/dri /dev/fb0 /dev/tty* /dev/nvidiactl /dev/nvidia-uvm /dev/nvidia0 /dev/vga_arbiter /dev/snd

With ALSA, /dev/snd can only be used from a single container

bedrin, Sep 08 '21 11:09

Some devices in /dev might depend on the system, i.e. /dev/nvidia* only exist on devices with an NVidia GPU

If the docker container is created, say, using Ansible, we could calculate a list of devices at runtime, based on some well-known list or by querying devices with video group ownership.

The following command seems to work fine without the --privileged flag:

docker run --name mpv --device=/dev/input --device=/dev/console --device=/dev/dri --device=/dev/fb0 --device=/dev/tty --device=/dev/tty1 --device=/dev/vga_arbiter --device=/dev/snd  --device=/dev/psaux -it --cap-add=SYS_TTY_CONFIG mpv:latest

bedrin, Sep 08 '21 18:09
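
The runtime device calculation suggested in the comment above, as an added example that is not part of the original issue or of the docker-x-server project: it keeps only the well-known devices that exist on the host and adds top-level nodes owned by the video group. The function name `device_flags`, its two arguments and the `WELL_KNOWN` variable are assumptions made for illustration; the device names come from the issue text and the command above.

```shell
#!/bin/sh
# Added example (not from the issue). WELL_KNOWN holds the device names
# mentioned in this issue; device_flags and its arguments are hypothetical.
WELL_KNOWN="input console dri fb0 tty tty1 vga_arbiter snd psaux
nvidiactl nvidia-uvm nvidia0"

# device_flags [DEV_ROOT] [GROUP]
# Prints one --device=PATH per line, sorted, without duplicates.
device_flags() {
    root=${1:-/dev}
    group=${2:-video}
    {
        # Well-known names, kept only when present on this host
        # (e.g. nvidia* is absent without an NVidia GPU).
        for name in $WELL_KNOWN; do
            if [ -e "$root/$name" ]; then
                printf '%s\n' "$root/$name"
            fi
        done
        # Top-level nodes owned by GROUP. Directories such as dri are
        # passed whole by the loop above, so there is no need to descend.
        # find exits non-zero when GROUP does not exist; treat as empty.
        find "$root" -maxdepth 1 ! -type d ! -type l \
            -group "$group" 2>/dev/null || :
    } | sort -u | sed 's/^/--device=/'
}

# Usage (unquoted on purpose so each flag becomes its own argument):
#   docker run --name mpv $(device_flags) -it --cap-add=SYS_TTY_CONFIG mpv:latest
```

The group query can return nodes that are not on the well-known list, so print the output of `device_flags` and review it before passing it to `docker run`.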