[lxc-users] Device node in LXC is not accessible when connected via SSH
Serge E. Hallyn
serge at hallyn.com
Tue Jan 28 14:43:27 UTC 2020

On Tue, Jan 28, 2020 at 08:24:30AM +0000, Tim Jaacks wrote:
> Hello everyone,
>
> I have a problem where a physical hardware device passed through to an LXC container cannot be read from or written to when I am connected via SSH.
>
> The device node of my physical hardware device looks like this:
>
> myuser@myhost:~$ ls -la /dev/usb/hiddev0
> crw-rw-rw- 1 root root 180, 0 Jul 30 10:27 /dev/usb/hiddev0
>
> This is how I create and start my container:
>
> myuser@myhost:~$ sudo lxc-create -q -t debian -n mylxc -- -r stretch
> myuser@myhost:~$ sudo lxc-start -n mylxc
>
> Then I add the device node to the LXC:
>
> myuser@myhost:~$ sudo lxc-device -n mylxc add /dev/usb/hiddev0
>
> Afterwards the device is available in the LXC and I can read from it after having attached to the LXC:
>
> myuser@myhost:~$ sudo lxc-attach -n mylxc
> root@mylxc:/# ls -la /dev/usb/hiddev0
> crw-r--r-- 1 root root 180, 0 Aug 27 11:26 /dev/usb/hiddev0
> root@mylxc:/# cat /dev/usb/hiddev0
> ����������^C
> root@mylxc:/#
>
> I then enable root access via SSH without a password:
>
> myuser@myhost:~$ sudo lxc-attach -n mylxc
> root@mylxc:/# sed -i 's/#\?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
> root@mylxc:/# sed -i 's/#\?PermitEmptyPasswords.*/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config
> root@mylxc:/# sed -i 's/#\?UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config
> root@mylxc:/# passwd -d root
> passwd: password expiry information changed.
> root@mylxc:/# /etc/init.d/ssh restart
> Restarting ssh (via systemctl): ssh.service.
> root@mylxc:/# exit
>
> When I connect via SSH now, the device node is there, but I cannot access it:
>
> myuser@myhost:~$ ssh root@<lxc-ip-address>
> root@mylxc:~# ls -la /dev/usb/hiddev0
> crw-r--r-- 1 root root 180, 0 Aug 27 11:26 /dev/usb/hiddev0
> root@mylxc:~# cat /dev/usb/hiddev0
> cat: /dev/usb/hiddev0: Operation not permitted
>
> In both cases (lxc-attach and ssh) I am the root user (verified via whoami), so this cannot be the problem.
>
> Why am I not allowed to access the device when I am connected via SSH?

Can you look at your cgroup membership in both cases?
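
One way to do the comparison asked for above, as an added example that is not part of the original thread: save the output of `cat /proc/self/cgroup` from the lxc-attach shell and from the SSH shell, then list the hierarchies whose cgroup paths differ. The function names, file names and sample captures are constructed for illustration; the thread does not show the real output.

```shell
#!/bin/sh
# Each line of /proc/self/cgroup is hierarchy-ID:controller-list:cgroup-path
# (see cgroups(7)); on cgroup v2 the controller list is empty ("0::/path").

# cgroup_diff FILE_A FILE_B
# Prints "controllers<TAB>path-in-A<TAB>path-in-B" for every hierarchy
# whose path differs between the two captures.
cgroup_diff() {
    awk -F: '
        # The path may contain ":", so rebuild it from field 3 onward.
        { path = $3; for (i = 4; i <= NF; i++) path = path ":" $i
          key = ($2 == "" ? "unified" : $2) }
        NR == FNR { a[key] = path; next }
        { seen[key] = 1
          if (!(key in a)) printf "%s\t(absent)\t%s\n", key, path
          else if (a[key] != path) printf "%s\t%s\t%s\n", key, a[key], path }
        END { for (k in a) if (!(k in seen)) printf "%s\t%s\t(absent)\n", k, a[k] }
    ' "$1" "$2"
}

# Constructed sample captures (assumed values, not taken from the thread).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/attach" <<'EOF'
11:devices:/lxc/mylxc
5:cpu,cpuacct:/lxc/mylxc
1:name=systemd:/lxc/mylxc
EOF
    cat > "$dir/ssh" <<'EOF'
11:devices:/lxc/mylxc/system.slice/ssh.service
5:cpu,cpuacct:/lxc/mylxc
1:name=systemd:/lxc/mylxc/system.slice/ssh.service
EOF
    cgroup_diff "$dir/attach" "$dir/ssh"
    rm -rf "$dir"
}

demo
```

A differing path on the `devices` line is the one to look at first, since on cgroup v1 the device allow-list is kept per cgroup.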