From 9bd8aec315aea395743890abd9f4fe6f407d145e Mon Sep 17 00:00:00 2001
From: Jason Kulatunga <jason@thesparktree.com>
Date: Wed, 23 Sep 2020 20:49:56 -0600
Subject: [PATCH] update getting started & documentation to remove -v /dev/
 mount and --privileged requirement. Uses --cap-add and --device instead close
 #26 close #18

---
 .github/ISSUE_TEMPLATE/bug_report.md |  6 ++++--
 CONTRIBUTING.md                      |  7 ++++++-
 README.md                            | 18 ++++++++++++------
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index f1790c0..7fdb7fd 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -22,12 +22,14 @@ If related to missing devices or SMART data, please run the `collector` in DEBUG
 ```
 docker run -it --rm -p 8080:8080 \
 -v /run/udev:/run/udev:ro \
--v /dev/disk:/dev/disk \
+--cap-add SYS_RAWIO \
+--device=/dev/sda \
+--device=/dev/sdb \
 -e DEBUG=true \
 -e COLLECTOR_LOG_FILE=/tmp/collector.log \
 -e SCRUTINY_LOG_FILE=/tmp/web.log \
 --name scrutiny \
---privileged analogj/scrutiny
+analogj/scrutiny
 
 # in another terminal trigger the collector
 docker exec scrutiny scrutiny-collector-metrics run
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ef2f719..3628466 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -7,7 +7,12 @@ There are multiple ways to develop on the scrutiny codebase locally. The two mos
 ## Docker Development
 ```
 docker build -f docker/Dockerfile . -t analogj/scrutiny
-docker run -it --rm -p 9090:8080 -v /run:/run  -v /dev/disk:/dev/disk --privileged analogj/scrutiny
+docker run -it --rm -p 8080:8080 \
+-v /run/udev:/run/udev:ro \
+--cap-add SYS_RAWIO \
+--device=/dev/sda \
+--device=/dev/sdb \
+analogj/scrutiny
 /scrutiny/bin/scrutiny-collector-metrics run
 ```
 
diff --git a/README.md b/README.md
index 18a7d2c..f51ceed 100644
--- a/README.md
+++ b/README.md
@@ -59,13 +59,17 @@ If you're using Docker, getting started is as simple as running the following co
 ```bash
 docker run -it --rm -p 8080:8080 \
 -v /run/udev:/run/udev:ro \
--v /dev/disk:/dev/disk \
+--cap-add SYS_RAWIO \
+--device=/dev/sda \
+--device=/dev/sdb \
 --name scrutiny \
---privileged analogj/scrutiny
+analogj/scrutiny
 ```
 
-- `/run/udev` and `/dev/disk` are necessary to provide the Scrutiny collector with access to your drive metadata.
-- `--privileged` is required to ensure that your hard disk devices are accessible within the container (this will be changed in a future release)
+- `/run/udev` is necessary to provide the Scrutiny collector with access to your device metadata
+- `--cap-add SYS_RAWIO` is necessary to allow `smartctl` permission to query your device SMART data
+    - NOTE: If you have NVMe drives, you must use `--cap-add SYS_ADMIN` instead. See #26
+- `--device` entries are required to ensure that your hard disk devices are accessible within the container
 - `analogj/scrutiny` is a omnibus image, containing both the webapp server (frontend & api) as well as the S.M.A.R.T metric collector. (see below)
 
 ### Hub/Spoke Deployment
@@ -82,10 +86,12 @@ analogj/scrutiny:web
 
 docker run -it --rm \
 -v /run/udev:/run/udev:ro \
--v /dev/disk:/dev/disk \
+--cap-add SYS_RAWIO \
+--device=/dev/sda \
+--device=/dev/sdb \
 -e SCRUTINY_API_ENDPOINT=http://SCRUTINY_WEB_IPADDRESS:8080 \
 --name scrutiny-collector \
---privileged analogj/scrutiny:collector
+analogj/scrutiny:collector
 ```