USB passthrough in a unprivileged container

M

Marc Ballat

Well-Known Member
Dec 28, 2015
33
3
48
56
Hi,

I am trying to allow an unprivileged container to communicate with my APC UPS using apcupsd.

I have modified my conf file and added the two following lines :
Code: 
lxc.cgroup.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/001/006 dev/bus/usb/001/006 none bind,optional,create=file

On the host (after changing owner and group) :
Code: 
ls -l /dev/bus/usb/001/006
crw-rw---- 1 100000 100000 189, 5 May  1 06:10 /dev/bus/usb/001/006

In the container :
Code: 
# ls -l /dev/bus/usb/001/006
crw-rw---- 1 root root 189, 5 May  1 06:10 /dev/bus/usb/001/006

Still :
Code: 
# apcaccess
APC      : 001,018,0436
DATE     : 2021-05-01 08:28:20 +0200 
HOSTNAME : m1
VERSION  : 3.14.14 (31 May 2016) debian
UPSNAME  : APC750
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2021-05-01 08:28:05 +0200 
STATUS   : COMMLOST
MBATTCHG : 5 Percent
MINTIMEL : 10 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC  : 2021-05-01 08:33:00 +0200

STATUS : COMMLOST shows that the daemon cannot communicate with the UPS.

Code: 
# systemctl status apcupsd
* apcupsd.service - UPS power management daemon
   Loaded: loaded (/lib/systemd/system/apcupsd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-05-01 08:28:05 CEST; 6min ago
     Docs: man:apcupsd(8)
  Process: 1615 ExecStartPre=/lib/apcupsd/prestart (code=exited, status=0/SUCCESS)
  Process: 1619 ExecStart=/sbin/apcupsd (code=exited, status=0/SUCCESS)
 Main PID: 1620 (apcupsd)
    Tasks: 4 (limit: 4915)
   Memory: 840.0K
   CGroup: /system.slice/apcupsd.service
           `-1620 /sbin/apcupsd

May 01 08:28:05 m1 systemd[1]: Starting UPS power management daemon...
May 01 08:28:05 m1 systemd[1]: apcupsd.service: Can't open PID file /run/apcupsd.pid (yet?) after start: No such file or directory
May 01 08:28:05 m1 apcupsd[1620]: apcupsd 3.14.14 (31 May 2016) debian startup succeeded
May 01 08:28:05 m1 systemd[1]: Started UPS power management daemon.
May 01 08:28:15 m1 apcupsd[1620]: NIS server startup succeeded
May 01 08:29:15 m1 apcupsd[1620]: Communications with UPS lost.

As you can see or guess, I am stuck ;-)
 
Just another hint. From the container, /proc/bus/usb appears to be owned by nobody:nobody.
 
Hi,
A similar issue has been solved - thanks for the tips to [B]sintei[/B] (https://forum.proxmox.com/threads/usb-pass-through-in-lxc-container.73742/#post-329417).
Cgroup 189 and /dev/bus/.. useless here, instead, you need the following in lxc.conf:

lxc.cgroup.devices.allow: c 180:* rwm
lxc.mount.entry: /dev/usb dev/usb none bind,optional,create=dir

For privileged LXC that's enough.
For unprivileged LXC, to avoid setting manually permissions for device file after each node reboot, add udev rule like "50-myusb.rules" in /etc/udev/rules.d with value:

SUBSYSTEMS=="usb", KERNEL=="hiddev*", ATTRS{idVendor}=="051d", ATTRS{idProduct}=="0002", MODE="0666"

After reboot node or cmd 'udevadm control --reload-rules && udevadm trigger' UPS STATUS : ONLINE
 
  • Like
Reactions: Valantur and Elliott Partridge
avb56 said:
Hi,
A similar issue has been solved - thanks for the tips to [B]sintei[/B] (https://forum.proxmox.com/threads/usb-pass-through-in-lxc-container.73742/#post-329417).
Cgroup 189 and /dev/bus/.. useless here, instead, you need the following in lxc.conf:

lxc.cgroup.devices.allow: c 180:* rwm
lxc.mount.entry: /dev/usb dev/usb none bind,optional,create=dir

For privileged LXC that's enough.
For unprivileged LXC, to avoid setting manually permissions for device file after each node reboot, add udev rule like "50-myusb.rules" in /etc/udev/rules.d with value:

SUBSYSTEMS=="usb", KERNEL=="hiddev*", ATTRS{idVendor}=="051d", ATTRS{idProduct}=="0002", MODE="0666"

After reboot node or cmd 'udevadm control --reload-rules && udevadm trigger' UPS STATUS : ONLINE
Click to expand...
Do you mind explaining a bit what you did?

I just installed PVE7.0 and followed the instructions of https://www.brunweb.de/configuration-of-an-apc-ups-under-proxmox/ to get APCPUSD up & running, but when I do "apcaccess status" I get
Code: 
APC      : 001,017,0422
DATE     : 2021-10-10 20:06:20 -0400 
HOSTNAME : proxmox
VERSION  : 3.14.14 (31 May 2016) debian
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2021-10-10 20:00:18 -0400 
STATUS   : COMMLOST
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC  : 2021-10-10 20:16:01 -0400

The APCUPSD web page also shows COMM LOST.

On PVE 3.2 it used to work. I had backed up my apcupsd.conf file and went thru every argument one by one to reconfigure it but to no avail.... Looking forward to what made it work for you!
 
lpallard said:
Do you mind explaining a bit what you did?

I just installed PVE7.0 and followed the instructions of https://www.brunweb.de/configuration-of-an-apc-ups-under-proxmox/ to get APCPUSD up & running, but when I do "apcaccess status" I get
Code: 
APC      : 001,017,0422
DATE     : 2021-10-10 20:06:20 -0400
HOSTNAME : proxmox
VERSION  : 3.14.14 (31 May 2016) debian
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2021-10-10 20:00:18 -0400
STATUS   : COMMLOST
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC  : 2021-10-10 20:16:01 -0400

The APCUPSD web page also shows COMM LOST.

On PVE 3.2 it used to work. I had backed up my apcupsd.conf file and went thru every argument one by one to reconfigure it but to no avail.... Looking forward to what made it work for you!
Click to expand...
In instructions by you link, apcupsd installed on node. My apcupsd work in unprivileged container. Anyway compare my working conf in attach with you
 

Attachments

  • Like
Reactions: lpallard
Got it working. All I needed is to reboot PVE. Thats weird because the UPS was listed with lsusb and udev but somehow the apcupsd service couldnt bind to the USB port without a reboot of PVE.
 
well after a year, following the thread, but no success. I find no real diff in conf from above, but no luck. The status is COMMLOST. The configs are as follows:
On host:
Code: 
# ls -al /dev/bus/usb/002/
total 0
drwxr-xr-x 2 100000 100000       80 Oct 13 23:27 .
drwxr-xr-x 6 root   root        120 Oct 13 23:27 ..
crw-rw-r-- 1 100000 100000 189, 128 Oct 13 23:27 001
crw-rw-r-- 1 100000 100000 189, 129 Oct 13 23:27 002
on Guest:
Code: 
# ls -al /dev/bus/usb/002/
total 0
drwxr-xr-x 2 root root       80 Oct 13 23:27 .
drwxr-xr-x 3 root root       60 Oct 13 23:47 ..
crw-rw-r-- 1 root root 189, 128 Oct 13 23:27 001
crw-rw-r-- 1 root root 189, 129 Oct 13 23:27 002
Added these two in lxc_ID.conf
Code: 
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/002/ dev/bus/usb/002/ none bind,optional,create=dir
added udev rules:
Code: 
cat /etc/udev/rules.d/50-upsusb.rules
SUBSYSTEMS=="usb", KERNEL=="hiddev0", ATTRS{idVendor}=="051d", ATTRS{idProduct}=="0002", MODE="0666"
tried udev reload and reboot proxmox host too. nothing worked. cant figure out the issue.! what could have gone wrong?
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom