[SOLVED] LXC USB Webcam passthrough

[Pedulla]

PVE 7.1-10

On the host:

root@pve:~# lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 005: ID 046d:0990 Logitech, Inc. QuickCam Pro 9000

root@pve:~# ls -l /dev/bus/usb/003/005
crw-rw-r-- 1 root root 189, 260 Mar 26 21:18 /dev/bus/usb/003/005

root@pve:~# cat /etc/pve/lxc/108.conf
...
lxc.cgroup.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/003/005 dev/bus/usb/003/005 none bind,optional,create=file
lxc.mount.entry: /dev/video0 dev/video0 none bind,optional,create=file

In the container:

someone@lxc:~$ lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 005: ID 046d:0990 Logitech, Inc. QuickCam Pro 9000

someone@lxc:~$ ls -l /dev/bus/usb/003/005
crw-rw-r-- 1 nobody nogroup 189, 260 Mar 26 21:18 /dev/bus/usb/003/005


someone@lxc:~$ ffmpeg -i /dev/video0 test.mp4
...
[video4linux2,v4l2 @ 0x558fc48326c0] Cannot open video device /dev/video0: Permission denied
/dev/video0: Permission denied

On a bare metal install (that works as expected) the usb webcam device is owned by root:root (/dev/bus/usb/00x/00x)
In a QEMU VM (that works with USB passhtrough) the usb webcam device is owned by root:root as well.

What am I missing?

[edit: extra details]

 

[oguz]

hi,

for the permission error you have to set the owner of /dev/bus/usb/003/005 on your host to the unprivileged uid of your container (100000 by default):

chown 100000:100000 /dev/bus/usb/003/005

 

[rolfb]

I had a similar issue, fixed it by changing:
lxc.cgroup.devices.allow: c 189:* rwm
into
lxc.cgroup2.devices.allow: c 189:* rwm
(of course adept to your specific config)

See https://forum.proxmox.com/threads/pve-6-4-usb-pass-through-in-lxc-container.73742/post-453000
I don't know if this is your issue as well, maybe it helps.

 

[Pedulla]

hi,

for the permission error you have to set the owner of /dev/bus/usb/003/005 on your host to the unprivileged uid of your container (100000 by default):

chown 100000:100000 /dev/bus/usb/003/005

Thank you for this nudge in the right direction.
One thing I didn't realize in my original post was the need for a guest's application access to the device /dev/video0 (in my case). And, "most" applications using web cams usually need /dev/video0 owned by root:video.

So the answer lies in:
Getting the permissions on the pve host right: (using the chown commands above)

root@pve:~# ls -al /dev/bus/usb/003/005
crw-rw-r-- 1 100000 100000 189, 260 Mar 29 14:10 /dev/bus/usb/003/005

root@pve:~# grep video /etc/group
video:x:44:www-data

root@pve:~# ls -al /dev/video0
crw-rw---- 1 100000 100044 81, 0 Mar 29 14:50 /dev/video0

Getting the lxc conf right:

...
lxc.mount.auto: cgroup:rw
lxc.cgroup.devices.allow: c 189:260 rwm
lxc.cgroup.devices.allow: c 81:0 rwm
lxc.mount.entry: /dev/bus/usb/003/005 dev/bus/usb/003/005 none bind,optional,create=file
lxc.mount.entry: /dev/video0 dev/video0 none bind,optional,create=file
...

And, confirming proper rights in the guest LXC:

somebody@lxc:~$ sudo ls -al /dev/video0
crw-rw---- 1 root video 81, 0 Mar 29 14:50 /dev/video0

somebody@lxc:~$ sudo ls -al /dev/bus/usb/003/005
crw-rw-r-- 1 root root 189, 260 Mar 29 14:10 /dev/bus/usb/003/005

@rolfb I actually read your post in my earlier troubleshooting efforts (lol). Using cgroup2 did not have any effect that I could observe.