TheMeaningfulEngineer

Docker container in privileged mode not showing udev symlinks

I'm running a docker container for an application that requires direct access to /dev/ttyACM0. Because of that I'm running the container with --privileged to allow it access to the /dev of the host.

When the operator executes docker run --privileged, Docker will enable access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host.

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

However, the device is sometimes given a different name on the host (/dev/ttyACM1, /dev/ttyACM2), which crashes the Dockerized application, since it statically depends on the path /dev/ttyACM0.

Because of that I've created a udev rule that always maps the device to /dev/mydevice on the host, regardless of which /dev/ttyACMx it gets. However, the link to the device isn't accessible in the container.

host$ ls -la /dev/ttyACM1 
crwxrwxrwx 1 root dialout 166, 1 May 24 22:33 /dev/ttyACM1
host$ ls -la /dev/mydevice 
lrwxrwxrwx 1 root root 7 May 24 22:33 /dev/mydevice -> ttyACM1

container# ls -la /dev/ttyACM1
crwxrwxrwx 1 root dialout 166, 1 May 24 20:13 /dev/ttyACM1
container# ls -la /dev/mydevice
ls: cannot access /dev/mydevice: No such file or directory

What is incorrect with the above approach?

Upvotes: 1

Views: 2574

Answers (1)

falstaff

Docker's --privileged creates a tmpfs inside the container and recreates all device nodes currently in the host's /dev. However, it does not create or update symlinks from the host's /dev.

You can, however, bind mount the real /dev inside the container using -v /dev:/dev to get all devices and symlinks inside the container (with the caveat that you expose the real /dev inside the container).

Upvotes: 1
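A narrower alternative to the answer above, added here as an example and not part of either post: resolve the udev symlink on the host at container start time and hand only the resulting device node to the container with --device, mapped to the path the application hardcodes. This needs neither --privileged nor a bind mount of the whole /dev, because --device only whitelists that one node in the container's device cgroup. The symlink name /dev/mydevice, the in-container path /dev/ttyACM0 and the image name myapp:latest are taken from the question or assumed; the helper names are mine.

```sh
#!/bin/sh
# Resolve a udev-created symlink to its real device node and build the
# host:container argument for docker's --device flag.
# Usage: device_arg /dev/mydevice /dev/ttyACM0  ->  /dev/ttyACM1:/dev/ttyACM0
device_arg() {
    link="$1"
    container_path="$2"
    # The symlink only exists once udev has processed the plug event.
    if [ ! -e "$link" ]; then
        echo "device_arg: $link does not exist (device unplugged or udev rule not applied?)" >&2
        return 1
    fi
    # readlink -f follows the chain (mydevice -> ttyACM1) and canonicalises the path.
    real=$(readlink -f "$link") || return 1
    printf '%s:%s\n' "$real" "$container_path"
}

# Start the container with just that device node. The mapping is computed once;
# if the adapter is re-plugged and renumbered while the container runs, the
# mapping goes stale and the container must be restarted.
run_with_device() {
    link="$1"
    container_path="$2"
    image="$3"
    arg=$(device_arg "$link" "$container_path") || return 1
    real=${arg%%:*}
    # --device requires a real character device, not a regular file or directory.
    if [ ! -c "$real" ]; then
        echo "run_with_device: $real is not a character device" >&2
        return 1
    fi
    # Assumed invocation; the application inside must run as root or with a
    # group id matching the host's owner group (dialout above) to open the node.
    exec docker run --rm --device="$arg" "$image"
}

# Example (not executed here):
#   run_with_device /dev/mydevice /dev/ttyACM0 myapp:latest
```

Because the hardcoded /dev/ttyACM0 is satisfied by the container-side name of the --device mapping, the application no longer cares which ttyACMx the host assigned, and the container does not get write access to every other device node on the host.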
