[lxc-users] How to provide device access to lxc unprivileged containers ?

Yasoda Padala padala.yasoda at gmail.com
Mon Sep 17 09:38:54 UTC 2018 

Hi  Andrey,
Thank you for your response.
As you suggested, for block devices I can mount the device into container
FS and  can perform read/write on it.
But I have the requirement to make char devices also (eg. HID card reader/
barcode reader) accessible to unprivileged containers.

Added the following entries in container config file
1. lxc.cgroup.devices.allow = c 180:* rw
    lxc.mount.entry = /dev/usb/ dev/usb/ none bind,create=dir 0 0
2. Changed device owner to 100000
3. changed device permission to 777.on the host

when I run lsusb (usb utility) inside the container, it is not enumerating
the devices attached to the system. My knowledge on working with devices
and lxc containers is very limited. I am new to linux and containerized
apps development and still learning. If I am missing anything, please help.

Thanks in advance,
Yasoda



On Tue, Sep 11, 2018 at 5:30 PM <lxc-users-request at lists.linuxcontainers.org>
wrote:

> Send lxc-users mailing list submissions to
>         lxc-users at lists.linuxcontainers.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.linuxcontainers.org/listinfo/lxc-users
> or, via email, send a message with subject or body 'help' to
>         lxc-users-request at lists.linuxcontainers.org
>
> You can reach the person managing the list at
>         lxc-users-owner at lists.linuxcontainers.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lxc-users digest..."
> Today's Topics:
>
>    1. How to provide device access to lxc unprivileged  containers ?
>       (Yasoda Padala)
>    2. Re: How to provide device access to lxc unprivileged
>       containers ? (Andrey Repin)
>
>
>
> ---------- Forwarded message ----------
> From: Yasoda Padala <padala.yasoda at gmail.com>
> To: lxc-users at lists.linuxcontainers.org
> Cc:
> Bcc:
> Date: Tue, 11 Sep 2018 14:15:32 +0530
> Subject: [lxc-users] How to provide device access to lxc unprivileged
> containers ?
> Hi All,
> I have a usb attached to my ubuntu machine (16.04) and trying to access
> that device from unprivileged lxc container.
> By access I mean, enumerate and do I/O on that device.
> I have written a small program using libusb library and using that libusb
> executable to enumerate,read/write usb device from container
> Please find attached  lxc config file and libusb executable.
> I have found plenty of examples in various forums but nothing worked for
> me.
>
> Tried the following:
> 1. Added below entries in lxc config file
> lxc.cgroup.devices.allow = b 8:* rwm
> lxc.mount.entry = /dev/bus/usb/001/ dev/bus/usb/001/ none bind,create=dir
> 0 0
> lxc.mount.entry = /dev/sdc /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc
> none bind,create=file 0 0
> lxc.mount.entry = /dev/sdc1
> /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc1 none bind,create=file 0 0
>
> 2. Changed device owner to 100000
> 3. changed device permission to 777.on the host
>
> when I run the libusb executable on host, all the attached device are
> listed, but the same when I run inside the container it says 0 devices are
> attached.
> Is there any other configuration I am missing. Please help.
>
> Thanks & Regards,
> Yasoda
>
>
>
>
> ---------- Forwarded message ----------
> From: Andrey Repin <anrdaemon at yandex.ru>
> To: Yasoda Padala <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Tue, 11 Sep 2018 12:04:45 +0300
> Subject: Re: [lxc-users] How to provide device access to lxc unprivileged
> containers ?
> Greetings, Yasoda Padala!
>
> > Hi All,
> > I have a usb attached to my ubuntu machine (16.04) and trying to access
> > that device from unprivileged lxc container.
> > By access I mean, enumerate and do I/O on that device.
>
> What for? If it's a block device, just mount it into container FS.
>
> > I have written a small program using libusb library and using that libusb
> > executable to enumerate,read/write usb device from container
> > Please find attached  lxc config file and libusb executable.
> > I have found plenty of examples in various forums but nothing worked for
> me.
>
>
> > Tried the following:
> > 1. Added below entries in lxc config file
> > lxc.cgroup.devices.allow = b 8:* rwm
> > lxc.mount.entry = /dev/bus/usb/001/ dev/bus/usb/001/ none
> bind,create=dir 0 0
> > lxc.mount.entry = /dev/sdc
> /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc none bind,create=file 0 0
> > lxc.mount.entry = /dev/sdc1
> > /home/oxpd/.local/share/lxc/Test/rootfs/dev/sdc1 none bind,create=file 0
> 0
>
>
> > 2. Changed device owner to 100000
> > 3. changed device permission to 777.on the host
>
>
> > when I run the libusb executable on host, all the attached device are
> > listed, but the same when I run inside the container it says 0 devices
> are attached.
> > Is there any other configuration I am missing. Please help.
>
>
> --
> With best regards,
> Andrey Repin
> Tuesday, September 11, 2018 12:04:14
>
> Sorry for my terrible
> english..._______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20180917/0669fbd0/attachment-0001.html>

More information about the lxc-users mailing list