Podman run device argument can't specify device on container

[djzager]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

This may simply be a doc issue but I see in the podman-run man page it says:

       --device=[]

       Add a host device to the container. The format is <device-on-host>[:<device-on-container>][:<permissions>] (e.g.
       --device=/dev/sdc:/dev/xvdc:rwm)

But, when I attempt to add a device in this way I get an error invalid argument.

$ podman run --rm -it --entrypoint /bin/bash --device /dev/snd:/dev/snd:rwm localhost/dzager/ffmpeg
not allowed to specify destination with a directory /dev/snd:/dev/snd:rwm: invalid argument

Steps to reproduce the issue:

1. $ podman run --rm -it --entrypoint /bin/bash --device /dev/snd:/dev/snd:rwm localhost/dzager/ffmpeg

Describe the results you received:

$ podman run --rm -it --entrypoint /bin/bash --device /dev/snd:/dev/snd:rwm localhost/dzager/ffmpeg
not allowed to specify destination with a directory /dev/snd:/dev/snd:rwm: invalid argument

Describe the results you expected:

To be able to specify <device-on-host>[:<device-on-container>][:<permissions>]

Output of podman version:

$ podman version
Version:       1.0.0
Go Version:    go1.11.4
Git Commit:    "49780a1cf10d572edc4e1ea3b8a8429ce391d47d"
Built:         Mon Jan 14 15:38:17 2019
OS/Arch:       linux/amd64

Output of podman info:

$ podman info
host:
  BuildahVersion: 1.6-dev
  Conmon:
    package: podman-1.0.0-1.git82e8011.fc29.x86_64
    path: /usr/libexec/podman/conmon
    version: 'conmon version 1.12.0-dev, commit: 49780a1cf10d572edc4e1ea3b8a8429ce391d47d'
  Distribution:
    distribution: fedora
    version: "29"
  MemFree: 124120608768
  MemTotal: 135115034624
  OCIRuntime:
    package: runc-1.0.0-68.dev.git6635b4f.fc29.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc6+dev
      commit: ef9132178ccc3d2775d4fb51f1e431f30cac1398-dirty
      spec: 1.0.1-dev
  SwapFree: 4294963200
  SwapTotal: 4294963200
  arch: amd64
  cpus: 16
  hostname: localhost.localdomain
  kernel: 4.20.8-200.fc29.x86_64
  os: linux
  rootless: true
  uptime: 24h 24m 34.42s (Approximately 1.00 days)
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  ConfigFile: /home/dzager/.config/containers/storage.conf
  ContainerStore:
    number: 5
  GraphDriverName: overlay
  GraphOptions:
  - overlay.mount_program=/usr/bin/fuse-overlayfs
  GraphRoot: /var/home/dzager/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
  ImageStore:
    number: 7
  RunRoot: /run/user/1000

Additional environment details (AWS, VirtualBox, physical, etc.):

# Running on silverblue
$ cat /etc/redhat-release 
Fedora release 29 (Twenty Nine)

[djzager]

If the goal of what I am trying to do turns out to be important (I don't think it is), what I would like to be able to do is share my soundcard with the container for the purpose of recording my screen and audio via the ffmpeg container. Where is a good place to go to get help with that? IRC channel? (I looked on podman.io but didn't see where I should go.)

[TomSweeneyRedHat]

Hey @djzager

I think the best start is the one you took, to create an issue. If you want a little more direct help, you certainly can hit us up on IRC too (freenode #podman), although best bet is to do so between 10 am and 2 pm Eastern (about one hour from now) as that's the sweet spot when most of the team is onboard there, we're very geographically spread out across the globe.

[mheon]

@djzager I'm not the most familar with the Linux sound stack, but /dev/snd is a directory on my system, and from the error here I'm assuming on your system as well. What's your intent here - to have every device node in that directory accessible in the container?

@rhatdan Didn't you patch --device to support directory paths recently? That sounds like something that would have been in 1.0

[djzager]

My apologies, I may have introduced confusion by mentioning what I was trying to do (really just wanted to know the best way to get help with what I was trying to accomplish).

The reason that I wrote the issue is that there is a discrepancy, at least as I see it, between what the podman-run manpage says I can do and what I can actually do. Specifically, the manpage says that
podman run --device /dev/snd:/dev/snd:rwm /path/to/image is valid but when I run podman run --rm -it --entrypoint /bin/bash --device /dev/snd:/dev/snd:rwm localhost/dzager/ffmpeg the process exits with the error not allowed to specify destination with a directory /dev/snd:/dev/snd:rwm: invalid argument.

[rhatdan]

First are you attempting this as non-root?
This should work as root, but will probably fail as non-root since you don't have permissions to create a sound device as a non root user.

[adrianreber]

Maybe in the future the newly introduced seccomp trap to user space feature (https://lwn.net/Articles/756233/) can help to create those devices for the non-root use case.

[rhatdan]

Maybe, although I would be nervous about abuse.

I think you could volume mount in the device and use it.

[djzager]

First are you attempting this as non-root?

I think this may be relevant to my end goal. I'll have to dig into that fact further.

However, the issue with the manpage vs actual cli experience is still the main purpose of this issue 😎

[dzager@localhost ffmpeg]$ sudo buildah images
IMAGE NAME                                               IMAGE TAG            IMAGE ID             CREATED AT             SIZE
docker.io/library/fedora                                 latest               25e6809f6fab         Dec 17, 2018 20:20     282 MB
docker.io/library/fedora                                 29                   25e6809f6fab         Dec 17, 2018 20:20     282 MB
localhost/dzager/ffmpeg                                  latest               73d7616ac019         Feb 20, 2019 16:22     1.03 GB
[dzager@localhost ffmpeg]$ sudo podman run --rm -it --entrypoint /bin/bash --device /dev/snd:/dev/snd:rwm localhost/dzager/ffmpeg
not allowed to specify destination with a directory /dev/snd:/dev/snd:rwm: invalid argument
[dzager@localhost ffmpeg]$ sudo su -
Last login: Thu Feb 14 16:45:32 EST 2019 on pts/1
[root@localhost ~]# buildah images
IMAGE NAME                                               IMAGE TAG            IMAGE ID             CREATED AT             SIZE
docker.io/library/fedora                                 latest               25e6809f6fab         Dec 17, 2018 20:20     282 MB
docker.io/library/fedora                                 29                   25e6809f6fab         Dec 17, 2018 20:20     282 MB
localhost/dzager/ffmpeg                                  latest               73d7616ac019         Feb 20, 2019 16:22     1.03 GB
[root@localhost ~]# podman run --rm -it --entrypoint /bin/bash --device /dev/snd:/dev/snd:rwm localhost/dzager/ffmpeg
not allowed to specify destination with a directory /dev/snd:/dev/snd:rwm: invalid argument

[mheon]

Ahh, I think I see what this is.

@djzager Does it work if you just do --device /dev/snd?

@rhatdan It looks like the manpage doesn't mention that directories can only be used without a destination (--device /dev/snd works, but --device /dev/snd:/dev/snd does not). We could update the manpages here to reflect that, or potentially just make destination work with directories - doesn't seem like it would be that difficult

[rhatdan]

@QiWang19 Could you look into this.