Linux - Virtualization and CloudThis forum is for the discussion of all topics relating to Linux Virtualization and Linux Cloud platforms. Xen, KVM, OpenVZ, VirtualBox, VMware, Linux-VServer and all other Linux Virtualization platforms are welcome. OpenStack, CloudStack, ownCloud, Cloud Foundry, Eucalyptus, Nimbus, OpenNebula and all other Linux Cloud platforms are welcome. Note that questions relating solely to non-Linux OS's should be asked in the General forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to access a usb device on my host from inside an lxc container. I found a lot of information on the internet but I'm still not quite sure how to do this.
This is the device I need to access from inside the container:
Generally speaking unprivileged containers can't mount "real" devices, like USB. The UID of the process calling the device inside the container is going to be roughly equivelent to "nobody" when it's translated out of the namespace.
So the fix I normally shoot for is to have a process running on the host to catch a signal from the unpriveledged calling process in the container and mount/provide USB access as a service. In the container it's just another mounted directory, on the host it's a USB stick.
Hope that helps
The container I'm running is a privileged container, so accessing devices shouldn't be a problem. At least for someone who understands lxc device handling and not for someone like me
Privileged containers?!?!?!?!?
Am I dealing with an individual so possessed of a singular valor that creating privileged containers is a non-issue for you or do you just not know what a huge security hole you're about create? You can use the container to develop in, but you wont deploy in a secure production facility like that. I always try to make my Dev environment as close to the Prod environment as possible (as there so here) but you, my friend, are apparently made of finer stuff than I.
That said, I'd check dmesg on both nodes and see if my Uber-container and my host can help us out a little. We need to see if it is trying to mount the thing and failing or just doesn't know how to try. If it's failing, udev is going to pitch a fit all over dmesg and syslog. If it doesn't know how to ask for it, it's going to fail quietly (no error in dmesg or syslog).
What are you running in this beast anyway?
I checked, people on the internet actually do this stuff (don't let it swell your head, they do a lot of crazy stuff on the internet).
The process is pretty simple, match the udev references, bind the mount point on the guest, add permissions in lxc.conf to allow the device passthrough and it should work.
Take a look at this and this and let me know if you have any questions.
It's a compatibility thing. I'm using the wfrog weather station software with a special plugin to write the data my weather station collects into a mysql database. I'm currently redesigning my setup and so I decided to migrate the wfrog installation, along with some other stuff, to debian jessie. My problem is now, that the wfrog plugin doesn't work on jessie. And since I'm already using lxc on my new installation I decided to move the whole old wfrog wheezy installation into a container till I find a way to make it work on jessie (or till forever, who knows ). This wfrog container has no access to the outside world, except for a temporary internet connection for installing updates. It should only have access to the mysql database on the host to write it's data. So I don't think its a big security issue running it as privileged container.
And now I'm trying to learn how to use lxc property and how to let the wfrog plugin access the usb transceiver to connect with the weather station.
lxc.mount.entry = /dev/bus/usb/001 dev/bus/usb/001 none bind,optional,create=dir
# USB Dongle for weather station
lxc.cgroup.devices.allow = c 189:* rwm
and finally it works
Thanks for the help!
It may be possible to reduce the rights even further...
Now I just have to solve my internet access problem from the other thread
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
