can0 udev not arriving in container

I need to run scripts when the can0 device is plugged in or removed. The device is a peak-can and works fine in BalenaOS.

I have set
privileged: true
network_mode: host
in docker-compose.yml, and I have set ENV UDEV=on in the Dockerfile.

My rules file looks like this:
ACTION=="add", KERNEL=="can[0-1]", SUBSYSTEM=="net", RUN+="/root/can_up.sh"
ACTION=="remove", KERNEL=="can[0-1]", SUBSYSTEM=="net", RUN+="/root/can_down.sh"

The rules work perfectly on my Arch desktop system.

I’ve verified that all the files are in their correct places in the container.

When I run udevadm monitor on the host OS terminal I can see the can0 device being detected on plug-in and plug-out events. In the container nothing happens. All the docs I have read tell me that the above is all that is necessary to get device events communicated to the container, but this does not work.

How do I get can device plug-in events to my container?

Hi there, I checked this out with the team, and this is currently expected behaviour. The events not being propagated to the container is a result of running udev in a separate network namespace. There are network devices (mostly modems) that do not like double initialization (both host OS udev and the one in the container would run the same or similar rules). In the past we have seen this cause loss of connectivity on devices in the field, therefore a defensive default. Unfortunately, due to udev internals, a side-effect is that this breaks the propagation of some events.

One thing you can try is to omit the UDEV variable, and just start udev from within your container to get all the events - this could come with some connectivity risks though.
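
An added example, not part of the original thread and not balena's own code: a listener that reads raw kernel uevents from the netlink socket and applies the same match as the two rules in the question, without running a second udev that would re-initialize other network devices. It assumes the container process shares the host network namespace (network_mode: host) and is privileged enough to open the socket; whether the events arrive this way on a given balenaOS release is an assumption to verify. The sample message is constructed.

```python
import re
import socket
import subprocess

NETLINK_KOBJECT_UEVENT = 15  # protocol number from <linux/netlink.h>
KERNEL_GROUP = 1             # raw kernel uevents (udevd rebroadcasts on group 2)
IFACE_RE = re.compile(r"can[0-1]")  # same pattern as KERNEL=="can[0-1]"
SCRIPTS = {"add": "/root/can_up.sh", "remove": "/root/can_down.sh"}  # paths from the question


def parse_uevent(data: bytes) -> dict:
    """Parse one kernel uevent: b'action@devpath\\0KEY=value\\0KEY=value\\0'."""
    props = {}
    for field in data.split(b"\0")[1:]:  # skip the 'action@devpath' header
        key, sep, value = field.partition(b"=")
        if sep:
            props[key.decode()] = value.decode(errors="replace")
    return props


def script_for(props: dict):
    """Return the script the question's rules would run for this event, or None."""
    if props.get("SUBSYSTEM") != "net":
        return None
    if not IFACE_RE.fullmatch(props.get("INTERFACE", "")):
        return None
    return SCRIPTS.get(props.get("ACTION"))


def listen():
    """Block on the kernel uevent socket and run the matching script."""
    sock = socket.socket(socket.AF_NETLINK, socket.SOCK_DGRAM, NETLINK_KOBJECT_UEVENT)
    sock.bind((0, KERNEL_GROUP))  # pid 0: let the kernel assign our port id
    while True:
        data, (sender_pid, _groups) = sock.recvfrom(65536)
        if sender_pid != 0:  # only the kernel sends with pid 0; drop anything else
            continue
        script = script_for(parse_uevent(data))
        if script:
            subprocess.run([script], check=False)


# Constructed sample of what the kernel emits when a CAN interface appears.
SAMPLE_ADD = (b"add@/devices/virtual/net/can0\0ACTION=add\0"
              b"DEVPATH=/devices/virtual/net/can0\0SUBSYSTEM=net\0"
              b"INTERFACE=can0\0IFINDEX=5\0SEQNUM=4242\0")

if __name__ == "__main__":
    listen()
```
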