[lxc-users] How to provide device access to lxc unprivileged containers ?

Yasoda Padala padala.yasoda at gmail.com
Wed Sep 19 05:34:25 UTC 2018 

>
>
> Hi  Andrey,
> Thank you for your response.
> As you suggested, for block devices I can mount the device into container
> FS and  can perform read/write on it.
> But I have the requirement to make char devices also (eg. HID card reader/
> barcode reader) accessible to unprivileged containers.
>
> Added the following entries in container config file
> 1. lxc.cgroup.devices.allow = c 180:* rw
>     lxc.mount.entry = /dev/usb/ dev/usb/ none bind,create=dir 0 0
> 2. Changed device owner to 100000
> 3. changed device permission to 777.on the host
>
> when I run lsusb (usb utility) inside the container, it is not enumerating
> the devices attached to the system. My knowledge on working with devices
> and lxc containers is very limited. I am new to linux and containerized
> apps development and still learning. If I am missing anything, please help.
>
> Thanks in advance,
> Yasoda
>
>
>
> On Tue, Sep 11, 2018 at 5:30 PM <
> lxc-users-request at lists.linuxcontainers.org> wrote:
>
>> Send lxc-users mailing list submissions to
>>         lxc-users at lists.linuxcontainers.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://lists.linuxcontainers.org/listinfo/lxc-users
>> or, via email, send a message with subject or body 'help' to
>>         lxc-users-request at lists.linuxcontainers.org
>>
>> You can reach the person managing the list at
>>         lxc-users-owner at lists.linuxcontainers.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of lxc-users digest..."
>> Today's Topics:
>>
>>    1. How to provide device access to lxc unprivileged  containers ?
>>       (Yasoda Padala)
>>    2. Re: How to provide device access to lxc unprivileged
>>       containers ? (Andrey Repin)
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Yasoda Padala <padala.yasoda at gmail.com>
>> To: lxc-users at lists.linuxcontainers.org
>> Cc:
>> Bcc:
>> Date: Tue, 11 Sep 2018 14:15:32 +0530
>> Subject: [lxc-users] How to provide device access to lxc unprivileged
>> containers ?
>> Hi All,
>> I have a usb attached to my ubuntu machine (16.04) and trying to access
>> that device from unprivileged lxc container.
>> By access I mean, enumerate and do I/O on that device.
>> I have written a small program using libusb library and using that libusb
>> executable to enumerate,read/write usb device from container
>> Please find attached  lxc config file and libusb executable.
>> I have found plenty of examples in various forums but nothing worked for
>> me.
>>
>> Tried the following:
>> 1. Added below entries in lxc config file
>> lxc.cgroup.devices.allow = b 8:* rwm
>> lxc.mount.entry = /dev/bus/usb/001/ dev/bus/usb/001/ none bind,create=dir
>> 0 0
>> lxc.mount.entry = /dev/sdc
>> /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc none bind,create=file 0 0
>> lxc.mount.entry = /dev/sdc1
>> /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc1 none bind,create=file 0 0
>>
>> 2. Changed device owner to 100000
>> 3. changed device permission to 777.on the host
>>
>> when I run the libusb executable on host, all the attached device are
>> listed, but the same when I run inside the container it says 0 devices are
>> attached.
>> Is there any other configuration I am missing. Please help.
>>
>> Thanks & Regards,
>> Yasoda
>>
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Andrey Repin <anrdaemon at yandex.ru>
>> To: Yasoda Padala <lxc-users at lists.linuxcontainers.org>
>> Cc:
>> Bcc:
>> Date: Tue, 11 Sep 2018 12:04:45 +0300
>> Subject: Re: [lxc-users] How to provide device access to lxc unprivileged
>> containers ?
>> Greetings, Yasoda Padala!
>>
>> > Hi All,
>> > I have a usb attached to my ubuntu machine (16.04) and trying to access
>> > that device from unprivileged lxc container.
>> > By access I mean, enumerate and do I/O on that device.
>>
>> What for? If it's a block device, just mount it into container FS.
>>
>> > I have written a small program using libusb library and using that
>> libusb
>> > executable to enumerate,read/write usb device from container
>> > Please find attached  lxc config file and libusb executable.
>> > I have found plenty of examples in various forums but nothing worked
>> for me.
>>
>>
>> > Tried the following:
>> > 1. Added below entries in lxc config file
>> > lxc.cgroup.devices.allow = b 8:* rwm
>> > lxc.mount.entry = /dev/bus/usb/001/ dev/bus/usb/001/ none
>> bind,create=dir 0 0
>> > lxc.mount.entry = /dev/sdc
>> /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc none bind,create=file 0 0
>> > lxc.mount.entry = /dev/sdc1
>> > /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc1 none bind,create=file
>> 0 0
>>
>>
>> > 2. Changed device owner to 100000
>> > 3. changed device permission to 777.on the host
>>
>>
>> > when I run the libusb executable on host, all the attached device are
>> > listed, but the same when I run inside the container it says 0 devices
>> are attached.
>> > Is there any other configuration I am missing. Please help.
>>
>>
>> --
>> With best regards,
>> Andrey Repin
>> Tuesday, September 11, 2018 12:04:14
>>
>> Sorry for my terrible
>> english..._______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20180919/6d8c4081/attachment.html>

More information about the lxc-users mailing list