Container access to wireless network interface

Container access to wireless network interface

In my case, I wanted to use the wireless interface of a wireless USB device inside a docker container. At first, I tried the following methods for assigning the USB device to the container:

• Mount the USB path (e.g. /dev/bus/usb/003/004) inside the container. Example -v /dev/bus/usb/003/004:/dev/bus/usb/003/004:rw
• By using the --device flag. Example --device=/dev/bus/usb/003/004

Unfortunately, none of them worked. The reason is that if we run the container without --net=host then this container is in a separate namespace, the wlanX interface is in the host namespace and cannot be seen from inside the container.

There are two ways of giving a network interface to a container.

The first method is running the container with the flag --net=host. By doing this, we tell the container to use the host's net namespace. Note the security risks of this approach.

The second method is a bit trickier. The advantage is that we don't need to expose the whole network stack but rather the particular interface that we want to control from inside the container.

$ sudo docker run -i -t --rm --net=none --name=wifi-container ubuntu /bin/bash

At another shell:

$ sudo docker inspect -f '{{.State.Pid}}' wifi-container
2778
$ pid=2778
$ sudo mkdir -p /var/run/netns
$ sudo ln -s /proc/$pid/ns/net /var/run/netns/$pid

Add the interface to the container namespace:

(Important! you must specify the phy interface, not wlanX)

sudo iw phy phy1 set netns $pid

The way to run commands inside the container is through netns exec:

sudo ip netns exec $pid ip link set eth0 up

or...if you want, you could run the container with the --privileged flag and you can work from there.

And that's all, now you should be able to control the wireless interface from inside the container.

TODO

Add a eth0 interface with internet access

https://docs.docker.com/articles/networking/