USB hotplug for USB serial devices

benfrancis · February 16, 2026, 10:23pm

What is the current recommended way to handle USB serial devices being plugged in?

I am working on porting an open source IoT gateway to balenaOS for the commercial pilot of an IoT hub product. The gateway has an add-ons system which adds support for a wide range of hardware including Zigbee and Z-Wave USB dongles (e.g. the Aeotec Z-Stick Z-Wave dongle or the Digi XStick or Conbee II Zigbee dongle).

On Raspbian the add-ons can automatically detect USB serial devices that are plugged into the device at runtime and use them.

Running inside a Docker container on balenaOS I can statically map a device in docker-compose.yml if I know what path it will be mounted at, e.g.

    devices:
      - /dev/ttyACM0:/dev/ttyACM0

However, if that device is not plugged in when the Docker image starts up it will simply refuse to start and the (headless) gateway becomes inoperable.

Ideally I would like to be able to dynamically detect USB dongles when they are plugged in using USB hotplug and automatically map them into the Docker container.

If I could create a bind mount to just bind the whole of the host’s /dev directory then I could configure device_cgroup_rules to allow the kernel to access certain classes of device, and perhaps use cap_add to add SYS_RAWIO for low level access (I do not want the container to be running privileged mode since that negates most of the security benefits of using a container), e.g.

    volumes:
      - '/dev:/dev' # Mount the host's dev directory
    device_cgroup_rules:
      - 'c 188:* rmw' # Allow USB serial devices (XBee, Conbee III, Sonoff)
      - 'c 166:* rmw' # Allow ACM devices (Conbee II)
    cap_add:
        - SYS_RAWIO

However, since bind mounts are not allowed this is not possible.

I can imagine some elaborate sidecar container that runs in privileged mode and pipes serial interfaces into unix sockets, but that would require re-architecting my whole gateway application and its 100 or so adapter add-ons in order for it to run on balenaOS.

Is there a recommended way to detect USB devices being plugged in via USB hotplug and automatically map them into a container?

ycardaillac · February 17, 2026, 8:30am

Hello @benfrancis,

Well we do have a way to let the container use the whole /dev, however I believe it does need to be privileged:

github.com/balena-io-experimental/balena-udev-rule-from-container

entrypoint.sh

master

#!/bin/sh

setup_devtmpfs() {
    newdev=/tmp/dev
    mkdir -p "$newdev"
    mount -t devtmpfs none "$newdev"
    mount --move /dev/console "$newdev/console"
    mount --move /dev/mqueue "$newdev/mqueue"
    mount --move /dev/pts "$newdev/pts"
    mount --move /dev/shm "$newdev/shm"
    umount /dev
    mount --move "$newdev" /dev
    ln -sf /dev/pts/ptmx /dev/ptmx
}

# Run setup before anything else
setup_devtmpfs

# Start udevd daemon in background
udevd --daemon

This file has been truncated. show original

Ideally I would like to be able to dynamically detect USB dongles when they are plugged in using USB hotplug and automatically map them into the Docker container.

I think that could be doable with a set of carefully crafted udev rules with proper access rights and clever volume management.

If you start this work and report here, we can try to guide you to the best possible outcome.

Regards,

Yann

Topic		Replies	Views
Docker container cannot access dynamically plugged USB devices balenaOS docker	36	40187	November 8, 2024
USB device cannot be viewed by docker container (+ libusb) openBalena docker , balena-cli , raspberrypi4	6	5114	April 26, 2022
Mount specific USB into each container Product support raspberrypi3	11	3895	March 27, 2019
USB re-connect fails from container balenaOS	4	1745	February 1, 2023
cap_add needed to detect usb device Product support docker , docker-compose	3	751	December 26, 2022

USB hotplug for USB serial devices

Related topics