USB Permissions in LXC Container Reset on Hotplug

Wayside
Sep 28, 2024
Container Type: Privileged.


I've been searching around for a while now on this, but I can't seem to get my three character devices to retain their permissions when they reset. I have the following set in my configuration file at /etc/pve/lxc:

Code:
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.cgroup2.devices.allow: a 81:* rwm

lxc.mount.entry: /dev/bus/usb/001 dev/bus/usb/001 none bind,optional,create=file
lxc.mount.entry: /dev/serial/by-id/usb-Klipper_stm32h743xx_2B001A000A51303339323537-if00 dev/SKR3EZ none bind,optional,create=file
lxc.mount.entry: /etc/lxc/100/devices/PIPICO dev/PIPICO none bind,optional,create=file
lxc.mount.entry: /etc/lxc/100/devices/SKRPICO dev/SKRPICO none bind,optional,create=file
lxc.mount.entry: /etc/lxc/100/devices/WEBCAM dev/v4l/by-id/WEBCAM-index0 none bind,optional,create=file

The first entry uses the /dev/serial/by-id entry directly, while the two character devices below it use a symlink which points to said entries. These are MCUs for a 3D printer. When issuing a command to reset the firmware, all device permissions are lost. They can be manually reassigned with chmod, but I'd like to avoid doing this. I tried setting a udev rule for one of the devices:

Code:
ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="614e", ATTR{serial}=="2B001A000A51303339323537", MODE="0774", SYMLINK+="SKR3EZ", GROUP="dialout"

But this didn't help. Have I overlooked something?
 
Where did you set the udev rule? On the host or in the container?
It will not work in the container, since udev needs write access to /sys which is mounted as read-only in the container.
So the udev rule needs to be configured on the host.

Alternatively you could try using the device passthrough feature found in the Web UI under Resources -> Add -> Device Passthrough. In the Advanced section this allows you to specify the permissions of the device. Specifying a symlink as the device path (e.g. /dev/serial/by-id/usb-something_something) avoids the problems that come with changing device paths.
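
An added example, not part of either post: a host-side script that follows the reply's advice to configure the udev rule on the host, using the vendor, product and serial values from the question. The function names, the rule file name `99-klipper-mcu.rules`, the `SUBSYSTEM=="tty"` and `ATTRS{serial}` matches, and `MODE="0660"` are assumptions.

```shell
#!/bin/sh
# Added example: run on the Proxmox host, not inside the container.
# Function names, rule file name and MODE are assumptions, not from the thread.

# Print a udev rule for the tty node of one USB serial device.
# SUBSYSTEM=="tty" limits the match to the serial node; the ATTRS{} keys are
# read from the parent USB device, which carries idVendor/idProduct/serial.
make_rule() {
    vendor=${1:-} product=${2:-} serial=${3:-} link=${4:-}
    # USB IDs appear in sysfs as 4 lowercase hex digits.
    [ "${#vendor}" -eq 4 ] && [ "${#product}" -eq 4 ] || return 1
    case $vendor$product in *[!0-9a-f]*) return 1 ;; esac
    # Serial and symlink name: non-empty, no quotes, spaces or slashes.
    [ -n "$serial" ] && [ -n "$link" ] || return 1
    case $serial$link in *[!A-Za-z0-9_-]*) return 1 ;; esac
    printf 'SUBSYSTEM=="tty", ATTRS{idVendor}=="%s", ATTRS{idProduct}=="%s", ' \
        "$vendor" "$product"
    printf 'ATTRS{serial}=="%s", MODE="0660", GROUP="dialout", SYMLINK+="%s"\n' \
        "$serial" "$link"
}

# Write the rule into the host's rules directory (RULES_DIR overrides it).
install_rule() {
    dir=${RULES_DIR:-/etc/udev/rules.d}
    rule=$(make_rule "$@") || { echo "invalid rule arguments" >&2; return 1; }
    printf '%s\n' "$rule" > "$dir/99-klipper-mcu.rules"
}

# Reload rules and replay tty events so the mode applies without replugging.
reload_udev() {
    udevadm control --reload-rules && udevadm trigger --subsystem-match=tty
}

# Usage on the host: sh this-script --install 1d50 614e <serial> SKR3EZ
if [ "${1:-}" = "--install" ]; then
    shift
    install_rule "$@" && reload_udev
fi
```

Because the rule lives on the host, it is applied again each time the device node is re-created, so a firmware reset does not fall back to the default mode.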