Hello, I’m trying to run an unprivileged container to access the /sys/firmware/devicetree in resin-os on a Raspberry Pi 2 Model B. I can only get access if I run it with --privileged, but that won’t do since this is required for a hassio addon eventually (more about that in https://github.com/home-assistant/hassio/issues/468).
Running a container with --privileged gives access:
root@hassio:~# docker run -it --rm --privileged resin/rpi-raspbian:stretch ls -al /sys/firmware
total 0
drwxr-xr-x 3 root root 0 May 11 14:26 .
dr-xr-xr-x 12 root root 0 May 11 14:00 ..
drwxr-xr-x 3 root root 0 May 11 14:26 devicetree
-r-------- 1 root root 17085 May 11 14:26 fdt
But without --privileged, and with a mount set, it does not have content:
root@hassio:~# docker run -it --rm --cap-add ALL --mount type=bind,source=/sys/firmware,target=/sys/firmware resin/rpi-raspbian:stretch ls -al /sys/firmware
total 0
drwxrwxrwt 2 root root 40 May 11 14:29 .
dr-xr-xr-x 12 root root 0 May 11 14:00 ..
What am I doing wrong? Any hints are appreciated.