Docker container cannot access dynamically plugged USB devices



I am trying to access a USB device (camera) inside my container running on Balena OS 2.24.0 rev2 on a Jetson TX2. It is a multi-container application and I am running the respective container with

    privileged: true
      - '/dev:/dev'

If the camera is plugged in during container launch I can access it. If I unplug it and replug it I cannot anymore.
For a normal Docker container the solution is to mount /dev: -v /dev:/dev in combination with running privileged. Then devices plugged in after the container is started are supported.
However, on BalenaOS mount binding is not allowed. How could I go about it?


Would it be a possibility to add another flag that will bind mount /dev to /dev?


I haven’t had to use the devices specification, wasn’t even familiar with it. On Intel NUC (ubuntu/debian) accessing /dev/ttyACM0, etc just works. except when the device locks up, of course.


For a normal Docker container the devices specification allows a bit more fine grained control than the broad privileged spec.

On Balena single containers always run in privileged mode, so if your hardware does not change after start of the container you should be able to access it.
My issue is that hardware that is plugged in after the container is started is not accessible.


Sorry to hear “issue is that hardware that is plugged in after the container is started is not accessible”
That doesn’t appear to be an issue with the Intel NUCs.

There is a discussion about restarting a container from inside of the container or from another system by using the https api: Restart container every 24 hours


Hi Jason,
that sounds like an interesting workaround, thank you.

Still a rather annoying way of doing it though.


Ideally, I would like to have a another label to add to a multicontainer docker-compose.yaml that bind mounds /dev:/dev.

I’ve searched for the implementation of the existing labels on github, but couldn’t find it. Could somebody point me to the right spot?


Hi Rapha,

Yes I agree, especially since we often don’t have reliable network access to our devices. Additionally we have found that when the USB connection to our device fails we have to physically power cycle the host system. Resets, reboots, device disconnections (physical) are not sufficient. Likely a device driver/usb chip issue.

So we’re looking into watchdogs and system power cycling.


Hi @jason10,
for us a simple restart of the container/service is sufficient.


It appears that the fixed bind-mounts are defined in the file.

I will try to add a custom rule for mounting /dev. A label would still be the nicer option, but I am not sure which dev can advise on that.

@petrosagg are you the right person to ask on how to ensure USB devices are accessible if plugged in after the Balena container is started and running?