What is the problem you're trying to solve
The Docker container engine offers the --device-cgroup-rule option to add devices to the allowed devices list. This is very helpful if hardware needs to be accessed from within the container, to make sure only a minimal set of hardware is accessible (helps to avoid the use of --privileged).
Describe the solution you'd like
In Docker Compose format 2.3 and later this has been part of the Docker Compose spec. I would like to re-add this field to the latest version of the Docker Compose spec.
Additional context
This is a "Container runtime configuration", which in turn is part of the "Deploy" area and, as defined in the VISION.md document, this area is in scope of Compose.
The device_cgroup_rules as specified in Compose v2 reference:
https://docs.docker.com/compose/compose-file/compose-file-v2/#device_cgroup_rules
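To illustrate the least-privilege point made in this request, the following is an added example (not part of the issue and not code from the Compose project) that audits already-parsed Compose services for `privileged` and for overly broad `device_cgroup_rules` entries. The rule syntax in the comment, the function names, the service names and the sample rules are assumptions constructed for the example.

```python
import re

# Assumed rule syntax: "<type> <major>:<minor> <permissions>"
#   type: a (all), b (block), c (char); major/minor: a number or *;
#   permissions: any of r (read), w (write), m (mknod)
RULE_RE = re.compile(r"^([abc]) (\*|\d+):(\*|\d+) ([rwm]{1,3})$")


def parse_rule(rule):
    """Split one device cgroup rule into its fields, or raise ValueError."""
    match = RULE_RE.match(rule.strip())
    if match is None:
        raise ValueError("expected '<a|b|c> <major>:<minor> <rwm>'")
    dev_type, major, minor, perms = match.groups()
    if len(set(perms)) != len(perms):
        raise ValueError("repeated permission letter")
    return {"type": dev_type, "major": major, "minor": minor, "perms": perms}


def audit_service(service):
    """Return findings for one Compose service mapping (already parsed YAML)."""
    findings = []
    if service.get("privileged"):
        findings.append("privileged: all host devices are accessible")
    for rule in service.get("device_cgroup_rules", []):
        try:
            parsed = parse_rule(rule)
        except ValueError as exc:
            findings.append(f"invalid rule {rule!r}: {exc}")
            continue
        # A rule with type "a" or a wildcard major is not tied to one driver.
        if parsed["type"] == "a" or parsed["major"] == "*":
            findings.append(f"broad rule {rule!r}: not limited to one device class")
    return findings


# Constructed sample services, shaped like the `services` mapping of a Compose file.
SERVICES = {
    "legacy": {"image": "example/app", "privileged": True},
    "scoped": {"image": "example/app", "device_cgroup_rules": ["c 189:* rmw"]},
    "broad": {"image": "example/app", "device_cgroup_rules": ["a *:* rwm"]},
    "typo": {"image": "example/app", "device_cgroup_rules": ["c 189:* rwx"]},
}

if __name__ == "__main__":
    for name, service in SERVICES.items():
        for finding in audit_service(service) or ["ok"]:
            print(f"{name}: {finding}")
```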