This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 38%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Hi
I have a container, which i want to deploy as custom iot edge module. This module has a container that needs privileged access because we want to volume mount /dev of host system regarding serial ports.
Below is the snapshot of createOptions in deployment.json file where I defined Privileged as true for HostConfigs. Is this correct or some changes required. Also is it possible to provide privileged access only to particular file or directory example: /dev/ttyS0 . I want to expose serial port /dev/ttyS0
Please suggest and correct me, if correction required and share more info on this.
"createOptions": {
"ExposedPorts": {
"12345/tcp": {},
"/dev/ttyS0":{}
},
"Env": [
"SAMPLE_PORT=12345",
"SERIAL_PORT=/dev/ttySO"
],
"Volumes": {
"/dev": {}
},
"HostConfig": {
"Privileged": true,
"NetworkMode": "host",
"Binds": [
"app_dev-data:/dev:rw"
],
"PortBindings": {
"12345/tcp": [
{
"HostIp": "",
"HostPort": "12345"
}
]
}
},
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 38%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQ%3C/text%3E%3C/svg%3E)
Hello @Madanala, Jayashree ,
Yes, It is possible and should be preferred. See example on how to configure this:
I hope you have also followed this document: Link module storage to device storage for custom modules
How to configure container create options for IoT Edge modules
Thanks for this. My main question here is instead of making entire container as privileged mode. Is it possible to provide privileged access only to particular device serial port example: /dev/ttyS0 . Can i expose only this serial port without giving privileged access. and how to do it.
Hello MadanalaJayashree-7313,
In the past, I wrote this reference module for serial communication.
In the readme, you see how we provided access to the ports.
See also this blog post.
thanks for sharing this. I can see that we need to give permissions explicitly to dev/ttyS0 with chmod command. Then set the device hotsconfig in Azure module.
Is there any possibility to get access to /dev/ttyS0 without explicitly logging into edge device and giving permissions. Can we give privileged access only to /dev/ttyS0 through Azure module manifest file (createOptions, etc)
Hello @Madanala, Jayashree ,
Docker containers run 'sandboxed' so access is limited the way you experience now.
The Deployment manifest has no power regards the OS access.
You have played with the "Privileged": true property. That is the only alternative I know of.
That works with GPIO access to a Raspberry Pi though access privileges as somewhat softened there compared to an industrial situation using Ubuntu etc..