Why don't my udev rules work inside of a running docker container?

2

6

I have udev rules written to create SYMLINKS when a device is connected. The rules are working fine on the host machine, but when I start a container with these same rules installed in /etc/udev/rules.d, they don't work inside my container.

I am trying to detect when an external drive is plugged in and create a corresponding symlink. /dev/sdX is created on boot of the container iff the drive was present at time of docker run, but it won't appear after the run command, nor will it disappear upon the drive being removed.

Here's an example rule that works just fine on the host machine:

KERNEL=="sd?", SYMLINK+="test_%k"

Strife answered 27/4, 2016 at 4:50 Comment(1)
Would you please post what kind of device you'd like to handle and what your rules look like? - Vespertilionine
12

I figured it out. What I've seen done on the internet is to mount the host's /dev inside the container:

docker run -v=/dev:/dev (Note: not safe)

But this is very dangerous and pretty much destroys the host computer by mucking with permissions (e.g. pseudo-terminals can't be spawned).

However, if I set up a udev rule on the host machine to create devices in a unique subdirectory, like /dev/foo/sdX, I can then just share /dev/foo with my container:

docker run -v=/dev/foo:/dev/foo

Now, when I insert a drive that matches my udev rule, the host machine creates a symlink in /dev/foo/sdX, which is now suddenly visible to my container. When the drive is removed, /dev/foo/sdX also disappears.


The one missing feature that would be nice is the ability to trigger a script inside the container when the device is created. A udev rule can do that on the host machine, but no udev rules seem to be tripped inside the container. So manual polling it is, for now.

Strife answered 27/4, 2016 at 15:57 Comment(0)
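
The polling this answer falls back on, as an added example (not code from the original posts): a POSIX shell loop run inside the container that diffs the bind-mounted directory between polls and calls a handler for each entry that appears or disappears. `WATCH_DIR`, `POLL_SECONDS`, `on_event` and the form of the host rule shown in the comment are assumptions of this sketch.

```shell
#!/bin/sh
# Host side, from the answer: a rule that puts links under /dev/foo, e.g.
#   KERNEL=="sd?", SYMLINK+="foo/%k"     (assumed form of that rule)
# and a container started with: docker run -v /dev/foo:/dev/foo ...
# Container side: the answer reports that udev rules do not fire there,
# so the shared directory is polled instead.

WATCH_DIR="${WATCH_DIR:-/dev/foo}"      # assumed name; directory from the answer
POLL_SECONDS="${POLL_SECONDS:-2}"       # assumed polling interval

# snapshot DIR: entry names, sorted, one per line. Names only: links are not
# followed, so an entry counts even when its target is absent in the container.
snapshot() {
    ls -1 "$1" 2>/dev/null | LC_ALL=C sort
}

# diff_snapshots OLD NEW: print "add NAME" / "remove NAME" for each change.
diff_snapshots() {
    old_f=$(mktemp)
    new_f=$(mktemp)
    printf '%s\n' "$1" | sed '/^$/d' > "$old_f"
    printf '%s\n' "$2" | sed '/^$/d' > "$new_f"
    LC_ALL=C comm -13 "$old_f" "$new_f" | sed 's/^/add /'
    LC_ALL=C comm -23 "$old_f" "$new_f" | sed 's/^/remove /'
    rm -f "$old_f" "$new_f"
}

# on_event ACTION PATH: hypothetical handler; replace with the real work.
on_event() {
    echo "$(date -u +%FT%TZ) $1 $2"
}

# watch_dir: poll forever, reporting entries that appear or disappear.
watch_dir() {
    prev=$(snapshot "$WATCH_DIR")
    while :; do
        sleep "$POLL_SECONDS"
        cur=$(snapshot "$WATCH_DIR")
        diff_snapshots "$prev" "$cur" | while read -r action name; do
            on_event "$action" "$WATCH_DIR/$name"
        done
        prev=$cur
    done
}

# Start the loop only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    watch_dir
fi
```

Sharing only the one subdirectory keeps the container's view of host devices limited to what the host rule places there, which is the point of avoiding `-v=/dev:/dev`.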
1

It depends what kind of device you'd like to handle.

Udev in containers is mentioned in

Especially the latest link gives hints on how to debug the situation.

You can monitor events related to udev by using:

$ udevadm monitor

And for fun you can trigger events by calling:

$ udevadm trigger --subsystem=net --action=change

The docker support for udev is obviously limited since docker is not working like a virtualization environment in all aspects.

Vespertilionine answered 27/4, 2016 at 6:52 Comment(2)
I'm able to see events with udevadm monitor, but my rules don't get triggered on any of these commands. - Strife
@Wolfgang Fahl, "The docker support for udev is obviously limited." What's limited? Do you have any idea for my question here? - Wardmote
