Documentation update for Docker --cap-add flag
Operating System: Linux host
The current --privileged flag is giving full access to the host. Could someone update the documentation with the --cap-add flag for the actual host privileges needed to run the images for this repo? This will limit any security vulnerabilities that might exist within the image.
Hi @j7an,
It would be great if you could help us with it and create a PR.
FYI, you can use --cap-add=SYS_ADMIN --device=/dev/bus/usb.
Hi @malletjo,
Could you update the documentation and create a PR?
@malletjo It looks like --cap-add=SYS_ADMIN is the same as giving root access, based on "CAP_SYS_ADMIN: the new root". Are there other ones we can use as an alternative?
I also tried to not use the privileged mode and replace it with --cap-add=SYS_ADMIN, with --cap-add=NET_ADMIN, with --cap-add=SYS_MODULE and, as @malletjo noted, with --cap-add=SYS_ADMIN --device=/dev/bus/usb. Nothing worked for me. I'm not using a real device. Here is the official documentation of --cap-add.
Maybe it has something to do with HAXM and KVM, which are needed for virtualization and are only available on the host? Correct me if I'm wrong. Is there a place inside the docker container where the logs of the startup process are stored? I'd love to help, but I think I'm not quite as deep in this topic as you are.
The --privileged tag is not needed anymore. Please check the current documentation to run docker-android.
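
A small lint for the flags discussed in this thread, added here as an example (not code from the docker-android project): it scans a docker run command line for --privileged, for the capabilities named above, and for host devices passed with --device. The image name example/image, the function names and the capability notes are assumptions of this example.

```python
import shlex

# Capabilities named in the thread. The notes are this example's own summary
# (an assumption of the example, not text from the project documentation).
BROAD_CAPS = {
    "ALL": "every capability",
    "SYS_ADMIN": "broad enough that the thread calls it root-equivalent",
    "SYS_MODULE": "can load modules into the host kernel",
    "NET_ADMIN": "can reconfigure interfaces, routes and firewall rules",
}
FALSE_VALUES = {"false", "0", "f"}  # spellings treated as an explicit "off"


def normalise_cap(cap):
    """Upper-case and drop an optional CAP_ prefix: cap_sys_admin -> SYS_ADMIN."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_docker_run(cmdline):
    """Return (kind, value) findings for one `docker run` command line.

    Limitation: options are not separated from the container's own arguments,
    so flags placed after the image name are inspected too.
    """
    args = shlex.split(cmdline)
    findings = []
    i = 0
    while i < len(args):
        name, sep, value = args[i].partition("=")
        if name in ("--cap-add", "--device") and not sep and i + 1 < len(args):
            i += 1
            value = args[i]  # space-separated form: --cap-add SYS_ADMIN
        if name == "--privileged" and value.lower() not in FALSE_VALUES:
            findings.append(("privileged", "full access to the host"))
        elif name == "--cap-add" and normalise_cap(value) in BROAD_CAPS:
            findings.append(("broad-capability", normalise_cap(value)))
        elif name == "--device":
            findings.append(("host-device", value.split(":")[0]))
        i += 1
    return findings


if __name__ == "__main__":
    # Constructed sample command line; example/image is a placeholder name.
    sample = "docker run --cap-add=SYS_ADMIN --device=/dev/bus/usb -d example/image"
    for kind, value in audit_docker_run(sample):
        print(kind, value, BROAD_CAPS.get(value, ""))
```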