docker - 从无根 Docker 容器访问 USB 蓝牙加密狗

Question

如此处所述设置无根 Docker 后，我尝试从容器内部使用蓝牙 USB 加密狗。我确认加密狗在主机上工作并且我可以hcitool -i hci0 lescan成功运行（使用 root 用户）。从互联网上的众多帖子中，似乎必须使用以下选项的组合启动容器：

• --net=host
• --privileged
• 有能力NET_ADMIN
• 有能力NET_RAW
• 有能力SYS_ADMIN

请注意，我使用的是 Portainer，但使用的等效 CLI 命令是docker run -ti --privileged --net=host --cap-add=NET_ADMIN --cap-add=NET_RAW --cap-add=SYS_ADMIN ubuntu:latest --name bletest /bin/bash. 因此，我使用所有这些选项启动了容器 - 但是，尝试访问设备时出现以下错误：

root@srv:/# service dbus status
 * dbus is running
root@srv:/# hciconfig hci0
Can't open HCI socket.: Address family not supported by protocol

root@srv:/# /usr/lib/bluetooth/bluetoothd -d -n
bluetoothd[790]: Bluetooth daemon 5.53
bluetoothd[790]: src/main.c:parse_config() parsing /etc/bluetooth/main.conf
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “DiscoverableTimeout” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “AlwaysPairable” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “PairableTimeout” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “Privacy” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “Name” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “Class” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “DeviceID” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have key “ReverseServiceDiscovery” in group “General”
bluetoothd[790]: src/main.c:parse_config() Key file does not have group “GATT”
bluetoothd[790]: src/main.c:parse_config() Key file does not have group “GATT”
bluetoothd[790]: src/main.c:parse_config() Key file does not have group “GATT”
bluetoothd[790]: Failed to access management interface
bluetoothd[790]: Adapter handling initialization failed

-v /var/lib/bluetooth -v /sys/fs/cgroup:/sys/fs/cgroup:ro从这里开始运行：

root@srv:/# ls -lah /var/lib/bluetooth/00\:02\:72\:CD\:0B\:0B/
ls: cannot open directory '/var/lib/bluetooth/00:02:72:CD:0B:0B/': Permission denied

最后一个命令在主机上运行，​​这导致我仍然怀疑一些权限错误。我可以设置任何其他选项以允许使用容器中的蓝牙加密狗吗？

请注意，我在测试设备后从主机卸载，因为我在这里bluez读到如果被某些蓝牙服务访问，它可能会被主机阻止。之后，我还确保在物理上重新连接加密狗。

编辑：还要注意（现在）我将主机系统上的 Docker 用户（dkr）添加到蓝牙和 netdev（后者不存在，所以我创建了它）组。我确认主机用户可以bluetoothctl用来扫描设备 ( scan on/off)。hcitool lescan但是，由于某种原因，仍然不允许用户运行。