Unable to pass-through ch340 to lxc

ynottony

New Member
Mar 11, 2025
2
0
1
I'm migrating from VMWare to Proxmox and so far the installation has been straight-forward. I also installed an Openhab lxc. I have a CH340 that connects to my pool pump and it was working with VMWare. I'm trying to understand how the USB device gets passed to the Openhab lxc from PVE. I reviewed the forums and I see a number of users using CH340 but I couldn't find a specific article on passing that device type. Also, I got confused with either making configuration changes via the GUI or the CLI. Finally I used ChatGPT but I wasn't able to get it to work. The following are the steps I took

I'm running PVE 9.0.3

1. I verified that CH340 can be seen from the host.
Code:
root@pve:~# root@pve:~# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 05e3:0723 Genesys Logic, Inc. GL827L SD/MMC/MS Flash Card Reader
Bus 001 Device 003: ID 1a86:7523 QinHeng Electronics CH340 serial converter
Bus 001 Device 004: ID 13d3:3314 IMC Networks
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

2. I verified that the CH340 gets attached as ttyUSB0
Code:
root@pve:~# dmesg | grep -i ch34                                                                                                                                               
[    5.461895] usbcore: registered new interface driver ch341                                                                                                                  
[    5.461913] usbserial: USB Serial support registered for ch341-uart                                                                                                         
[    5.461928] ch341 1-6:1.0: ch341-uart converter detected                                                                                                                    
[    5.462435] usb 1-6: ch341-uart converter now attached to ttyUSB0

3. I added two lines to the openhab.lxc to map the ttyUSB0 from the PVE host.
Code:
root@pve:~# cat /etc/pve/lxc/100.conf                                                                                                                                          
arch: amd64                                                                                                                                                                    
cores: 2                                                                                                                                                                       
features: nesting=1                                                                                                                                                            
hostname: casajuarez                                                                                                                                                           
memory: 2048                                                                                                                                                                   
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.100.1,hwaddr=BC:24:11:6A:13:4C,ip=192.168.100.39/24,type=veth                                                               
ostype: debian                                                                                                                                                                 
rootfs: local-lvm:vm-100-disk-0,size=8G                                                                                                                                        
swap: 2048                                                                                                                                                                     
unprivileged: 1                                                                                                                                                                
lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,create=file                                                                                                                
lxc.cgroup2.devices.allow: c 188:* rwm

4. I changed the user to openhabian for the group dialout based on ChatGPT response
Code:
root@pve:~# ls -l /dev/ttyUSB0                                                                                                                                                 
crw-rw---- 1 openhabian dialout 188, 0 Oct 20 20:45 /dev/ttyUSB0
that didn't work. I rebooted the host and ownership went back to root
Code:
root@pve:~# ls -l /dev/ttyUSB0                                                                                                                                                 
crw-rw---- 1 root dialout 188, 0 Oct 21 08:59 /dev/ttyUSB0

5. I attached the group dialout to the 100.conf lxc
Code:
root@pve:~# lxc-attach -n 100 -- addgroup dialout                                                                                                                              
addgroup: The group `dialout' already exists.

6. I consoled into the lxc and verified the ttyUSB0 entry exists
Code:
openhabian@casajuarez:~$ ls -al /dev/ttyUSB0*                                                                                                                                  
crw-rw---- 1 nobody nogroup 188, 0 Oct 20 20:45 /dev/ttyUSB0

7. The uid and gid for openhabian on the host and lxc is as follows
host:
Code:
root@pve:~# id openhabian                                                                                                                                                        
uid=1000(openhabian) gid=1000(openhabian) groups=1000(openhabian),20(dialout)

lxc:
Code:
(esptool-env) openhabian@casajuarez:~$ id openhabian                                                                                                                             
uid=1000(openhabian) gid=113(openhab) groups=113(openhab),5(tty),20(dialout),27(sudo),29(audio),100(users),1000(openhabian)

However, I get a permission deny when I start the pool controller software
Code:
Init state for Pool Controller                                                                                                                                                 
[10/21/2025, 7:18:22 AM] info: The current git branch output is master                                                                                                         
[10/21/2025, 7:18:22 AM] info: The current git commit output is 29ec40a22aca23370365bcd1a594f32f99d5a046                                                                       
[10/21/2025, 7:18:22 AM] info: Starting up SSDP server                                                                                                                         
[10/21/2025, 7:18:22 AM] info: Server is now listening on 0.0.0.0:4200 - 192.168.XX.XX:4200                                                                                   
[10/21/2025, 7:18:22 AM] error: Error opening port 0: Error: Permission denied, cannot open /dev/ttyUSB0. Retry in 10 seconds

I tried adding lxc.idmap commands to the lxc but the lxc failed to boot after entering the commands so I removed them.

Hopefully someone can help
 
Last edited:
There should be no need to mess around with lxc.mount.entry, lxc.cgroup2.devices.allow, lxc.idmap.
Just pass the device through in the Web UI: Select the container -> Resources -> Add -> Device Passthrough.
 
There should be no need to mess around with lxc.mount.entry, lxc.cgroup2.devices.allow, lxc.idmap.
Just pass the device through in the Web UI: Select the container -> Resources -> Add -> Device Passthrough.
Thanks Filip but that didn't work.

I removed the two entries and I added a new controller /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A10MO7T5-if00-port0 to the device passthrough. I know that the adapter works and the device path is valid since the container failed to boot earlier when I referenced the old adapter. There is no /dev/ttyUSB0 entry which is required to work with the software. Do I need a symbolic link between /dev/ttyUSB0 and /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A10MO7T5-if00-port0 ?

I did get the new adapter to work with a VM I created in Proxmox by mapping the resource in the Datacenter section and then referencing it as a mapped device in the VM. I believe I did have to add the user to the dialout group to gain access.

However, I would like to get the adapter to work with unprivileged containers.
 
Last edited: