Greetings @GMD,
Now this is a bit tricky. If you want to see the mount-points of the host system then you’ll need to be a bit insecure with how you run your container. To explain, what you’re essentially asking for here is for the container to have access to the same mount namespace as the host system.
The mount namespace is one of many namespaces in the Linux kernel. This one provides isolation of the file system mount points seen by a group of processes. Due to the inherent isolation of containers, containers by default get their own mount namespace and can’t access the host mount namespace.
Now we can break this isolation, but it will result in a fairly “insecure” container at least by normal container standards. First run a container like so:
docker run --rm -it --privileged --pid host torizon/debian:3-bookworm nsenter -t 1 -m bash
We’re running a privileged container with the same PID as the host system. We then use the nsenter command to give access to the mount namespace of PID 1 to the bash process in the container. With this here’s what we see in the container:
# USB Drive already attached (sda1)
bash-5.1# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 1 29.1G 0 disk
`-sda1 8:1 1 29.1G 0 part /var/rootdirs/media/COSTCO_USB
mmcblk0 179:0 0 14.8G 0 disk
`-mmcblk0p1 179:1 0 14.8G 0 part /var
/usr
/boot
/
/sysroot
mmcblk0boot0 179:32 0 31.5M 1 disk
mmcblk0boot1 179:64 0 31.5M 1 disk
zram0 253:0 0 0B 0 disk
# Remove USB drive
bash-5.1# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.8G 0 disk
`-mmcblk0p1 179:1 0 14.8G 0 part /var
/usr
/boot
/
/sysroot
mmcblk0boot0 179:32 0 31.5M 1 disk
mmcblk0boot1 179:64 0 31.5M 1 disk
zram0 253:0 0 0B 0 disk
# Reattach USB drive
bash-5.1# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 1 29.1G 0 disk
`-sda1 8:1 1 29.1G 0 part /var/rootdirs/media/COSTCO_USB
mmcblk0 179:0 0 14.8G 0 disk
`-mmcblk0p1 179:1 0 14.8G 0 part /var
/usr
/boot
/
/sysroot
mmcblk0boot0 179:32 0 31.5M 1 disk
mmcblk0boot1 179:64 0 31.5M 1 disk
zram0 253:0 0 0B 0 disk
As you can see, attaching and reattaching my USB drive works and lsblk gives proper output with the MOUNTPOINTS listed properly. At the moment I’m not sure how to get the same result while running the container more securely.
Here are some references I found when doing my research:
- linux - How to get disk usage from inside docker container - Stack Overflow
- Mount Namespace | HackTricks
Hopefully this was of some help to you.
Best Regards,
Jeremias
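
An added example for anyone auditing a host for containers started the way the post above describes (this is not from the original post or from the Torizon project): after `nsenter -t 1 -m`, a process stays in its container's cgroup but shares PID 1's mount namespace, so comparing the two finds it. The function names, the cgroup-path pattern and the overridable proc root are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root on the host, then
# call: find_host_mnt_ns_containers
# Reports processes that sit in a Docker container cgroup but share the
# mount namespace of PID 1 (the state `nsenter -t 1 -m` produces).

# Print the mount-namespace id of a PID, e.g. "mnt:[4026531840]".
# $2 is the proc root; it is overridable only so the logic can be
# exercised against a constructed directory tree.
mnt_ns_of() {
    readlink "${2:-/proc}/$1/ns/mnt" 2>/dev/null
}

# Heuristic (assumption): container processes have a cgroup path such as
# /docker/<id> (cgroup v1) or docker-<id>.scope (systemd driver).
# docker.service itself (dockerd) does not match this pattern.
in_docker_cgroup() {
    grep -Eq '(/docker/|docker-)[0-9a-f]{12,}' "${2:-/proc}/$1/cgroup" 2>/dev/null
}

# Print "PID COMM" for every container process that shares PID 1's
# mount namespace. Returns 1 if PID 1's namespace cannot be read.
find_host_mnt_ns_containers() {
    root="${1:-/proc}"
    host_ns=$(mnt_ns_of 1 "$root") || return 1
    [ -n "$host_ns" ] || return 1
    for dir in "$root"/[0-9]*; do
        pid=${dir##*/}
        # Skip processes in any other mount namespace (normal containers).
        [ "$(mnt_ns_of "$pid" "$root")" = "$host_ns" ] || continue
        # Skip ordinary host processes.
        in_docker_cgroup "$pid" "$root" || continue
        printf '%s %s\n' "$pid" "$(cat "$dir/comm" 2>/dev/null)"
    done
    return 0
}
```

An empty result means no container process currently shares the host mount namespace; cgroup naming differs between runtimes, so adjust the pattern to match the host being checked.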