Pass USB Device to unprivileged LXC

[Dilnane]

I have a question very similar to this one: Pass USB Device to LXC
I have my externel disk enclosure that is plugged in USB on host:

root@pve:~# lsusb
Bus 004 Device 006: ID 174c:55aa ASMedia Technology Inc. ASM1051E SATA 6Gb/s bridge, ASM1053E SATA 6Gb/s bridge, ASM1153 SATA 3Gb/s bridge, ASM1153E SATA 6Gb/s bridge

I have this major and minor on host :

root@pve:~# ls -al /dev/bus/usb/004/006
crw-rw-r-- 1 root root 189, 388 Apr 23 17:52 /dev/bus/usb/004/006

in my ct.conf I added those two lines (I tried also with create=dir) :

lxc.cgroup2.devices.allow: c 189:388 rwm
lxc.mount.entry: /dev/bus/usb/004/006 dev/bus/usb/004/006 none bind,optional,create=file

I also created a /etc/udev/rules.d/50-myusb.rulesfile and triggered udevadm just after:

root@pve:~# udevadm info -a -n /dev/bus/usb/004/006 | grep '{idVendor}' | head -n1
    ATTR{idVendor}=="174c"
root@pve:~# udevadm info -a -n /dev/bus/usb/004/006 | grep '{idProduct}' | head -n1
    ATTR{idProduct}=="55aa"
root@pve:~# cat <<EOT >> /etc/udev/rules.d/50-myusb.rules
SUBSYSTEMS=="usb", ATTRS{idVendor}=="174c", ATTRS{idProduct}=="55aa", GROUP="users", MODE="0666"
EOT
root@pve:~# udevadm trigger

I then indeed have my node file created in my ct (with nobody/nogroup idk if that's part of the issue):

root@ct:/# stat /dev/bus/usb/004/006
  File: /dev/bus/usb/004/006
  Size: 0               Blocks: 0          IO Block: 4096   character special file
Device: 5h/5d   Inode: 1818        Links: 1     Device type: bd,186
Access: (0666/crw-rw-rw-)  Uid: (65534/  nobody)   Gid: (65534/ nogroup)
Access: 2024-04-25 13:19:44.944646064 +0000
Modify: 2024-04-25 13:19:44.944646064 +0000
Change: 2024-04-25 13:19:44.944646064 +0000
 Birth: 2024-04-25 13:19:44.932645524 +0000

But i don't have any device node under /dev/sdX as it should be.
I do have it under my host:

root@pve:~# ls -lah /dev/ | grep sd
brw-rw-rw-  1 root disk      8,     0 Apr 25 15:19 sda
brw-rw-rw-  1 root users     8,     1 Apr 25 15:40 sda1

So I can't mount anything in my ct as I'm aware.

 

[fiona]

Hi,
since Proxmox VE 8.1, you can simply pass-through the device in /dev/ via pct set <ID> --dev0 /dev/XYZ,<other options> (or --dev1, etc.) option. In Proxmox VE 8.2, this is also possible in the UI.

 

[Dilnane]

Interesting thanks.
I passed the partition straight awaypct set <ID> --dev0 /dev/sda1, as passing the all device node with pct set <ID> --dev0 /dev/sda wasn't creating my /dev/sda1 device node on CT.

It's owned by root as it should be:

root@ct:/dev# stat sda1
  File: sda1
  Size: 0               Blocks: 0          IO Block: 4096   block special file
Device: 2fh/47d Inode: 3           Links: 1     Device type: 8,1
Access: (0660/brw-rw----)  Uid: (    0/    root)   Gid: (    0/    root)

But I'm unable to mount it.

root@ct:/# mount /dev/sda1 /media/HDD/
ntfs-3g-mount: mount failed: Operation not permitted
User doesn't have privilege to mount. For more information
please see: http://tuxera.com/community/ntfs-3g-faq/#unprivileged

I found some answers here on ntfs-3g github WHY CAN’T UNPRIVILEGED USERS MOUNT BLOCK DEVICES? but I don't see an issue on my side on those points as I'm using my root user.
Did the sda1 truly owned by root ? If yes I shouldn't encounter any issue to mount it inside am I wrong ?

EDIT:
I do not want to mount it on my host. So pct set <ID> -mp0 /mnt/sda1_mountpoint/,mp=/media/HDD/ is excluded.

 

[fiona]

EDIT:
I do not want to mount it on my host. So pct set <ID> -mp0 /mnt/sda1_mountpoint/,mp=/media/HDD/ is excluded.

Why not? For such cases, that is usually the way to go.

 

[frezeen]

same problem with new proxmox 8.2 features about lxc passthroug

from PVE UI i pass dev/sdb and /dev/sdb1 to unpriviliged lxc but i cant mount it

root@casaos:/dev# mount /dev/sdb1 /root/test
mount: /root/test: permission denied.
       dmesg(1) may have more information after failed mount system call.
root@casaos:/dev#

i try with gid and uid set to 0 too same permission error.

question: how can i pass a disk device to unpriviliged lxc and mount it without lose data?

edit: my disk is formatted ext4

 

[leesteken]

question: how can i pass a disk device to unpriviliged lxc and mount it without lose data?

Mount the disk on the host and pass the mount point to the container.
This is the way to do it, as the staff commented on the previous post: https://forum.proxmox.com/threads/pass-usb-device-to-unprivileged-lxc.145825/post-658788

 

[frezeen]

i need to pass block device for mergefs and not a mountpint

 

[leesteken]

i need to pass block device for mergefs and not a mountpint

Do all of that on the Proxmox host. And them use a bind mount (or mountpoint or rbind mount) to pass the result to the container.

 

[frezeen]

leesteken thanks for reply me
i have to use mergefs in LXC. if i pass to lxc the mountpoints i cant create mergefs storage from casaos UI. i need to pass , if possibile, the disks like a /dev ,

anyways its just a question for to understand better how new 8.1 lxc device pass work with disks

 

[fiona]

Hi,

anyways its just a question for to understand better how new 8.1 lxc device pass work with disks

you can configure it via the UI in the container's Resources tab with Add > Device passthrough or via CLI, see man pct for the --dev[n] options.

 

[Ciq]

I have a problem. I have 1tb sata ed USB connected ti proxmox 8.2.2 (beelink n100). I have passed mount point /MNT/USB to /media/data to lxc container for Plex. Mount works but when i play a MP4 After a few seconds disk disconnet from proxmox and i have and error on Plex. I have modified fstab to automount disk. Where May be the problem?

 

[fiona]

Hi,
please check the system logs/journal for any related information and check the health of the physical disk and cable.

 

[spiralsugarcane]

I solved a similar problem descried here:
https://forum.proxmox.com/threads/r...ner-with-automatic-device-path-change.157192/