Access usb device from systemd-nspawn container

containersystemd-nspawnusb

I want to access special USB device (not a simple flash drive) from inside container.
I bind /dev/bus/usb inside container, lsusb lists USBs effortlessly:

$ lsusb
...
Bus 002 Device 002: ID 0a89:0009 
...

but my program can't interact with this device.

Best Answer

systemd-nspawn handles permissions for devices through cgroups. By default, any container is granted with permissions only for common devices like /dev/null, /dev/zero, etc, and additionally to any device passed directly to --bind argument like --bind=/dev/vcs. This won't work with USB because /dev/bus/usb is a directory.

To grant permission for currently running container named my_container (supposedly you started it with systemd-nspawn directly from command line) execute as root:

$ echo 'c 189:* rwm' > \
 /sys/fs/cgroup/devices/machine.slice/machine-my_container/devices.allow

c 189:* rwm means read write modify permissions for any character device with type (identificator) 189 and any subtype. You can find type and subtype of device with file:

$ file /dev/bus/usb/002/002

This permission will only last while container is running.

If you are using systemd-nspawn@.service or want to persist permissions with it, create

/etc/systemd/system/systemd-nspawn@.service.d/override.conf

/etc/systemd/system/systemd-nspawn@my_container.service.d/override.conf

(depending on whether you want access to USB from any systemd-nspawn container or only from my_container correspondingly) with the following content:

[Service]
DeviceAllow=char-usb_device rwm

usb_device is an alias. You can find other in /proc/devices.

Related Solutions

Linux – Bootable USB Appearing as HDD Not Removable Device

Many BIOSes treat USB drives as “HDD” if they have a partition table and “Removable” if they don't. This isn't something you can change short of flashing a different BIOS altogether (rarely an option).

Most BIOSes let you choose the order of available “HDD” devices in a separate screen. Some let you press a key at boot time to select the HDD. If these options are not available to you, make a non-partitioned USB stick.

Create a filesystem directly on the USB stick, not on a partition:

mkfs.vfat /dev/sdb

(Replace /dev/sdb by the right drive. Be sure to get this right since it'll destroy the data on that drive.) Then follow the instructions to make that live/installation USB stick. If you already have a stick image with a partition table, copy all but the first sector of it onto the stick:

tail -c +513 <whole-disk-image-file >/dev/sdb

then re-run the bootloader installation on the stick (e.g. syslinux /dev/sdb if the bootloader is Syslinux).

Linux – How to make a USB visible in LXD Container

This question is quite old, but I stumbled upon the same use case today and I found a solution so easy that probably it wasn't available 7 months ago.

At this link one can find more information, but essentially it is this way:

let's say we have a modem device (AT commands) on /dev/ttyUSB2 and a container "xenial1", one can add ttyUSB2 to the container with the following command:

$ lxc config device add xenial1 ttyUSB2 unix-char path=/dev/ttyUSB2

it does not matter whether the container is running or not

This configuration is permanently saved in the container's default profile:

$ lxc config show xenial1
architecture: x86_64
config:
  security.privileged: "true"
  volatile.base_image: <numbers>
  volatile.eth0.hwaddr: xx:xx:xx:xx:xx:xx
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  root:
    path: /
    type: disk
  ttyUSB1:
    path: /dev/ttyUSB1
    type: unix-char
  ttyUSB2:
    path: /dev/ttyUSB2
    type: unix-char
ephemeral: false
profiles:
- default

In order to delete a device, use "remove" command in place of "add".

NOTE: my container is "privileged", so this solution might not work on unpriviledged containers

Best Answer

Related Solutions

Linux – Bootable USB Appearing as HDD Not Removable Device

Linux – How to make a USB visible in LXD Container

Related Question