USB passthrough in a unprivileged container

Marc Ballat

Active Member
Dec 28, 2015
30
1
28
53
Hi,

I am trying to allow an unprivileged container to communicate with my APC UPS using apcupsd.

I have modified my conf file and added the two following lines :
Code:
lxc.cgroup.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/001/006 dev/bus/usb/001/006 none bind,optional,create=file

On the host (after changing owner and group) :
Code:
ls -l /dev/bus/usb/001/006
crw-rw---- 1 100000 100000 189, 5 May  1 06:10 /dev/bus/usb/001/006

In the container :
Code:
# ls -l /dev/bus/usb/001/006
crw-rw---- 1 root root 189, 5 May  1 06:10 /dev/bus/usb/001/006

Still :
Code:
# apcaccess
APC      : 001,018,0436
DATE     : 2021-05-01 08:28:20 +0200 
HOSTNAME : m1
VERSION  : 3.14.14 (31 May 2016) debian
UPSNAME  : APC750
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2021-05-01 08:28:05 +0200 
STATUS   : COMMLOST
MBATTCHG : 5 Percent
MINTIMEL : 10 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC  : 2021-05-01 08:33:00 +0200

STATUS : COMMLOST shows that the daemon cannot communicate with the UPS.

Code:
# systemctl status apcupsd
* apcupsd.service - UPS power management daemon
   Loaded: loaded (/lib/systemd/system/apcupsd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-05-01 08:28:05 CEST; 6min ago
     Docs: man:apcupsd(8)
  Process: 1615 ExecStartPre=/lib/apcupsd/prestart (code=exited, status=0/SUCCESS)
  Process: 1619 ExecStart=/sbin/apcupsd (code=exited, status=0/SUCCESS)
 Main PID: 1620 (apcupsd)
    Tasks: 4 (limit: 4915)
   Memory: 840.0K
   CGroup: /system.slice/apcupsd.service
           `-1620 /sbin/apcupsd

May 01 08:28:05 m1 systemd[1]: Starting UPS power management daemon...
May 01 08:28:05 m1 systemd[1]: apcupsd.service: Can't open PID file /run/apcupsd.pid (yet?) after start: No such file or directory
May 01 08:28:05 m1 apcupsd[1620]: apcupsd 3.14.14 (31 May 2016) debian startup succeeded
May 01 08:28:05 m1 systemd[1]: Started UPS power management daemon.
May 01 08:28:15 m1 apcupsd[1620]: NIS server startup succeeded
May 01 08:29:15 m1 apcupsd[1620]: Communications with UPS lost.

As you can see or guess, I am stuck ;-)
 

Marc Ballat

Active Member
Dec 28, 2015
30
1
28
53
Just another hint. From the container, /proc/bus/usb appears to be owned by nobody:nobody.
 

avb56

New Member
Jul 19, 2021
2
2
1
40
Hi,
A similar issue has been solved - thanks for the tips to [B]sintei[/B] (https://forum.proxmox.com/threads/usb-pass-through-in-lxc-container.73742/#post-329417).
Cgroup 189 and /dev/bus/.. useless here, instead, you need the following in lxc.conf:

lxc.cgroup.devices.allow: c 180:* rwm
lxc.mount.entry: /dev/usb dev/usb none bind,optional,create=dir

For privileged LXC that's enough.
For unprivileged LXC, to avoid setting manually permissions for device file after each node reboot, add udev rule like "50-myusb.rules" in /etc/udev/rules.d with value:

SUBSYSTEMS=="usb", KERNEL=="hiddev*", ATTRS{idVendor}=="051d", ATTRS{idProduct}=="0002", MODE="0666"

After reboot node or cmd 'udevadm control --reload-rules && udevadm trigger' UPS STATUS : ONLINE
 
  • Like
Reactions: Elliott Partridge

lpallard

Active Member
Mar 22, 2014
92
3
28
Hi,
A similar issue has been solved - thanks for the tips to [B]sintei[/B] (https://forum.proxmox.com/threads/usb-pass-through-in-lxc-container.73742/#post-329417).
Cgroup 189 and /dev/bus/.. useless here, instead, you need the following in lxc.conf:

lxc.cgroup.devices.allow: c 180:* rwm
lxc.mount.entry: /dev/usb dev/usb none bind,optional,create=dir

For privileged LXC that's enough.
For unprivileged LXC, to avoid setting manually permissions for device file after each node reboot, add udev rule like "50-myusb.rules" in /etc/udev/rules.d with value:

SUBSYSTEMS=="usb", KERNEL=="hiddev*", ATTRS{idVendor}=="051d", ATTRS{idProduct}=="0002", MODE="0666"

After reboot node or cmd 'udevadm control --reload-rules && udevadm trigger' UPS STATUS : ONLINE
Do you mind explaining a bit what you did?

I just installed PVE7.0 and followed the instructions of https://www.brunweb.de/configuration-of-an-apc-ups-under-proxmox/ to get APCPUSD up & running, but when I do "apcaccess status" I get
Code:
APC      : 001,017,0422
DATE     : 2021-10-10 20:06:20 -0400 
HOSTNAME : proxmox
VERSION  : 3.14.14 (31 May 2016) debian
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2021-10-10 20:00:18 -0400 
STATUS   : COMMLOST
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC  : 2021-10-10 20:16:01 -0400

The APCUPSD web page also shows COMM LOST.

On PVE 3.2 it used to work. I had backed up my apcupsd.conf file and went thru every argument one by one to reconfigure it but to no avail.... Looking forward to what made it work for you!
 

avb56

New Member
Jul 19, 2021
2
2
1
40
Do you mind explaining a bit what you did?

I just installed PVE7.0 and followed the instructions of https://www.brunweb.de/configuration-of-an-apc-ups-under-proxmox/ to get APCPUSD up & running, but when I do "apcaccess status" I get
Code:
APC      : 001,017,0422
DATE     : 2021-10-10 20:06:20 -0400
HOSTNAME : proxmox
VERSION  : 3.14.14 (31 May 2016) debian
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2021-10-10 20:00:18 -0400
STATUS   : COMMLOST
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC  : 2021-10-10 20:16:01 -0400

The APCUPSD web page also shows COMM LOST.

On PVE 3.2 it used to work. I had backed up my apcupsd.conf file and went thru every argument one by one to reconfigure it but to no avail.... Looking forward to what made it work for you!
In instructions by you link, apcupsd installed on node. My apcupsd work in unprivileged container. Anyway compare my working conf in attach with you
 

Attachments

  • apcupsd.zip
    5 KB · Views: 16
  • Like
Reactions: lpallard

lpallard

Active Member
Mar 22, 2014
92
3
28
Got it working. All I needed is to reboot PVE. Thats weird because the UPS was listed with lsusb and udev but somehow the apcupsd service couldnt bind to the USB port without a reboot of PVE.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!