[PVE-User] USB device passthrough

Arjen leesteken at protonmail.ch
Wed Dec 29 12:13:54 CET 2021


On Wednesday, December 29th, 2021 at 10:55, Florian Heiber <florian at heiber.me> wrote:

> Hi all,
>
> I’m trying to pass multiple USB devices from my host through into my container. I’ve followed a few tutorials ([1], [2]) that describe the process, but I can’t get it to work.
>
> What have I done?
>
> I have connected the USB devices to my host. I can confirm that they work via /dev/ttyUSB0, etc. I created a udev rule to consistently have them available as /dev/reader0, etc. I can also confirm that I can use those aliases as if I was using the original device. I consider this a success.
>
> I updated the container’s configuration at, in this case, /etc/pve/lxc/109.conf to include my mount points:
>
> lxc.cgroup.devices.allow: c 7:* rwm
>
> lxc.mount.entry: /dev/reader0 dev/reader0 none bind,optional,create=file
>
> After a reboot of the container, the device appears as configured. Unfortunately, I looks like I have some issues with my permissions. When I try to print out the data coming from the reader, I only see a
>
> florian at datalogger:~$ cat /dev/reader0 | od -tx1
>
> cat: /dev/reader0: Permission denied
>
> 0000000
>
> This does, however, work as expected when I run this on the host itself.
>
> Does anyone see what I’m missing here? One point I’m not too sure about is the major part in the lxc.cgroup.devices.allow line. I suppose it should reflect the major part of the device I'm trying to expose, but some tutorials used the one of the original device (/dev/ttyUSB0 in my case, 188) here.
>
> Thank you for your time!
>
> All the best,
>
> – Florian
>
> [1]: https://drozmotix.github.io/languages/en/BasicSetup/03.ProxmoxLXC.html#what-is-lxc
> [2]: https://deviant.engineer/2016/11/lxc-passthrough/

You probably need to setup a group or user mapping as shown here: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

/dev/reader0 probably belongs to a group and you need to be a member of that group in the container. For a unprivileged container, you need to map the numeric ID of the group on the host to the numeric ID of the same group in the container. These numbers are probably not the same.

Hope this points you in the right direction.




More information about the pve-user mailing list