
Tag Archive for dockersandboxgvisor

Passing through /dev/mem into gVisor container

By default, standard Docker (runc) does not mount /dev/mem in the container. It can be passed through with --device /dev/mem:/dev/mem, which makes it visible within the container. However, reading from it is still not permitted (Operation not permitted) unless the CAP_SYS_RAWIO capability is added with --cap-add CAP_SYS_RAWIO. After that, processes in the container can read from it.
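To audit a host for the combination described above, the following added example (not code from the original post) classifies containers from `docker inspect` JSON by whether /dev/mem is mapped and CAP_SYS_RAWIO is granted. The sample records and the function names are constructed for illustration; treating --privileged as equivalent goes beyond the post and relies on Docker granting privileged containers all host devices and capabilities.

```python
import json

# Constructed sample shaped like `docker inspect` output (not taken from the page).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/plain",  "HostConfig": {"Privileged": false, "CapAdd": null, "Devices": []}},
 {"Name": "/mapped", "HostConfig": {"Privileged": false, "CapAdd": null,
   "Devices": [{"PathOnHost": "/dev/mem", "PathInContainer": "/dev/mem", "CgroupPermissions": "rwm"}]}},
 {"Name": "/rawio",  "HostConfig": {"Privileged": false, "CapAdd": ["CAP_SYS_RAWIO"],
   "Devices": [{"PathOnHost": "/dev/mem", "PathInContainer": "/dev/mem", "CgroupPermissions": "rwm"}]}},
 {"Name": "/short",  "HostConfig": {"Privileged": false, "CapAdd": ["sys_rawio"], "Devices": null}},
 {"Name": "/priv",   "HostConfig": {"Privileged": true,  "CapAdd": null, "Devices": []}}
]
""")


def _has_rawio(host_config):
    """True if CapAdd grants SYS_RAWIO (with or without the CAP_ prefix) or ALL."""
    caps = set()
    for cap in host_config.get("CapAdd") or []:   # Docker emits null when unset
        cap = cap.upper()
        caps.add(cap[4:] if cap.startswith("CAP_") else cap)
    return bool(caps & {"SYS_RAWIO", "ALL"})


def _maps_dev_mem(host_config):
    """True if the host's /dev/mem was passed through with --device."""
    devices = host_config.get("Devices") or []
    return any(d.get("PathOnHost") == "/dev/mem" for d in devices)


def classify(entry):
    """Return the /dev/mem exposure state of one `docker inspect` record."""
    hc = entry.get("HostConfig") or {}
    if hc.get("Privileged"):
        return "readable"        # all devices and all capabilities
    mapped, rawio = _maps_dev_mem(hc), _has_rawio(hc)
    if mapped and rawio:
        return "readable"        # the combination the post describes
    if mapped:
        return "mapped-no-cap"   # visible, but reads fail with EPERM
    if rawio:
        return "cap-no-device"   # capability granted, device node absent
    return "not-exposed"


def audit(entries):
    """Map container name -> exposure state."""
    return {e["Name"].lstrip("/"): classify(e) for e in entries}


if __name__ == "__main__":
    for name, state in audit(SAMPLE_INSPECT).items():
        print(f"{name:8} {state}")
```

On a live host, feed it the parsed output of `docker inspect $(docker ps -q)` in place of the sample.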