Permission issue passing ttyUSB0 through to HomeAssistant LXC

[davepl]

I'm trying to pass an Insteon PLM modem to a HomeAssistant LXC. It reports "unable to connect", and I get permission denied with a 'sudo echo' to the device. I'm running Proxmox 7.3-4

Here are the specifics, hope it reveals the issue!

On the host:

lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC.  /* This one */
Bus 001 Device 003: ID 0557:2419 ATEN International Co., Ltd
Bus 001 Device 002: ID 0557:7000 ATEN International Co., Ltd Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

ls -aln /dev/ttyUSB*
crw-rw---- 1 0 20 188, 0 Feb 23 20:21 /dev/ttyUSB0

Here is the LXC config file:

arch: amd64
cores: 16
features: nesting=1
hostname: homeassistant
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=AA:92:FD:A1:5F:8D,ip=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: Samsung980:103/vm-103-disk-0.raw,size=16G
swap: 2048
unprivileged: 1
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file,mode=0666

That causes the device to appear within the LXC:

ls -l /dev/tty*
[...]
crw-rw---- 1 root dialout   4, 71 Feb  4 23:39 /dev/ttyS7
crw-rw---- 1 root dialout   4, 72 Feb  4 23:39 /dev/ttyS8
crw-rw---- 1 root dialout   4, 73 Feb  4 23:39 /dev/ttyS9
crw-rw---- 1 root dialout 188,  0 Feb 23 20:21 /dev/ttyUSB0

However, I'm still denied permission to the port and HomeAssistant reports 'Unable to Connect' to the modem on /dev/ttyUSB0

ve@homeassistant:~$ sudo echo >/dev/ttyUSB0
-bash: /dev/ttyUSB0: Permission denied

As a flail, after noting that all the other devices were group 4, I tried 4 instead of 188, to no avail.

Can anyone spot what I'm doing incorrectly? Would sure appreciate it! Thanks!

 

[fweber]

Hi,

That causes the device to appear within the LXC:

ls -l /dev/tty*
[...]
crw-rw---- 1 root dialout   4, 71 Feb  4 23:39 /dev/ttyS7
crw-rw---- 1 root dialout   4, 72 Feb  4 23:39 /dev/ttyS8
crw-rw---- 1 root dialout   4, 73 Feb  4 23:39 /dev/ttyS9
crw-rw---- 1 root dialout 188,  0 Feb 23 20:21 /dev/ttyUSB0

Are you sure this is the output of ls inside the container? To me it looks more like the command ran on the host, as I would expect the files to be owned by nobody/nogroup in the container. Could you doublecheck?

lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file,mode=0666

I don't think lxc.mount.entry supports the mode=0666 option, you'll need to set the permissions on the host instead. One option would be to use chmod 666 there, but this gives all users on the host read/write permissions too. If you'd like to only give read-write access to the container root, you could instead change the owner to the uid 100000 (which is the uid on the host that represents the container root), or use setfacl to grant read-write permissions to 100000. In any case, I think you'll need to add a udev rule that sets the correct owner/permissions after replugging/rebooting.

Hope that helps!