[SOLVED] LXC Container + USB HASP Key

[Vasilij Lebedinskij]

Hello! Recently i have updated my PVE to 4.1 and now i'm trying to use LXC containers. I have 3 HASP keys which were forwarded to 3 different KVM VMs before i went to containers. How am i supposed to forward them to 3 different containers? I have found that i need to add

lxc.cgroup.devices.allow = c 189:* rwm

in config of LXC container, but how do i specify what usb device must be mounted by LXC container?

 

[Vasilij Lebedinskij]

After some more research i aded this line to my LXC config file

lxc.mount.entry = /dev/bus/usb/001 dev/bus/usb/001 none bind,optional,c$

. Now i can use lsusb command inside container but it shows me all usb devices of host.

root@ubuntu-server:~# lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 002: ID 0000:0000
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 006: ID 0529:0001 Aladdin Knowledge Systems HASP v0.06
Bus 001 Device 005: ID 2101:020f ActionStar
Bus 001 Device 004: ID 0529:0001 Aladdin Knowledge Systems HASP v0.06
Bus 001 Device 003: ID 0529:0001 Aladdin Knowledge Systems HASP v0.06
Bus 001 Device 002: ID 04b4:6560 Cypress Semiconductor Corp. CY7C65640 USB-2.0 "TetraHub"
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Inside my container

root@ubuntu-server:~# tree /dev/bus/usb
/dev/bus/usb
`-- 001
    |-- 001
    |-- 002
    |-- 003
    |-- 004
    |-- 005
    `-- 006

On my Host

root@pve:~# tree /dev/bus/usb
/dev/bus/usb
├── 001
│   ├── 001
│   ├── 002
│   ├── 003
│   ├── 004
│   ├── 005
│   └── 006
├── 002
│   └── 001
├── 003
│   └── 001
├── 004
│   └── 001
├── 005
│   └── 001
├── 006
│   ├── 001
│   └── 002
├── 007
│   └── 001
└── 008
    └── 001

 

[Vasilij Lebedinskij]

Pretty much time passed but I haven't thrown the idea away. So there is a way to make Hasp key work in lxc but its weird....
1. We need Hasp drivers installed on PVE host. In LXC we need only Hasp LM, but I simply installed Hasp drivers from here in both PVE and LXC.
2. On PVE host we need to create /etc/udev/rules.d/80-hasp.rules file

# HASP rules
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0001", MODE="664", ENV{HASP}="1", SYMLINK+="aks/hasp/%k", RUN+="/usr/sbin/aksusbd_x86_64 -c $root/aks/hasp/$kernel"
ACTION=="remove", ENV{HASP}=="1", RUN+="/usr/sbin/aksusbd_x86_64 -r $root/aks/hasp/$kernel"

# SENTINEL rules
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0003", KERNEL!="hiddev*", MODE="666", GROUP="plugdev", ENV{SENTINELHID}="1", SYMLINK+="aks/sentinelhid/%k"

3. Reboot PVE.
4. Add following lines to LXC config:

lxc.cgroup.devices.allow = c 189:* rwm
lxc.mount.entry = /dev/bus/usb/001 dev/bus/usb/001 none bind,optional,create=dir
lxc.mount.entry = /dev/aks/ dev/aks/ none bind,optional,create=dir
lxc.mount.entry: /tmp/.aksusb tmp/.aksusb none bind,optional,create=file

Change /dev/bus/usb/001 to your Hasp key path.

Note: if you restart aksusbd on PVE make sure to restart LXC too.

Based on information from this article. Thanks to author!