On Tue, Jan 28, 2020 at 08:24:30AM +0000, Tim Jaacks wrote: > Hello everyone, > > I have a problem where a physical hardware device passed through to an LXC > container cannot be read from or written to when I am connected via SSH. > > The device node of my physical hardware device looks like this: > > myuser@myhost:~$ ls -la /dev/usb/hiddev0 > crw-rw-rw- 1 root root 180, 0 Jul 30 10:27 /dev/usb/hiddev0 > > This is how I create and start my container: > > myuser@myhost:~$ sudo lxc-create -q -t debian -n mylxc -- -r stretch > myuser@myhost:~$ sudo lxc-start -n mylxc > > Then I add the device node to the LXC: > > myuser@myhost:~$ sudo lxc-device -n mylxc add /dev/usb/hiddev0 > > Afterwards the device is available in the LXC and I can read from it after > having attached to the LXC: > > myuser@myhost:~$ sudo lxc-attach -n mylxc > root@mylxc:/# ls -la /dev/usb/hiddev0 > crw-r--r-- 1 root root 180, 0 Aug 27 11:26 /dev/usb/hiddev0 > root@mylxc:/# cat /dev/usb/hiddev0 > ����������^C > root@mylxc:/# > > I then enable root access via SSH without a password: > > myuser@myhost:~$ sudo lxc-attach -n mylxc > root@mylxc:/# sed -i 's/#\?PermitRootLogin.*/PermitRootLogin yes/g' > /etc/ssh/sshd_config > root@mylxc:/# sed -i 's/#\?PermitEmptyPasswords.*/PermitEmptyPasswords > yes/g' /etc/ssh/sshd_config > root@mylxc:/# sed -i 's/#\?UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config > root@mylxc:/# passwd -d root > passwd: password expiry information changed. > root@mylxc:/# /etc/init.d/ssh restart > Restarting ssh (via systemctl): ssh.service. > root@mylxc:/# exit > > When I connect via SSH now, the device node is there, but I cannot access it: > > myuser@myhost:~$ ssh root@<lxc-ip-address> > root@mylxc:~# ls -la /dev/usb/hiddev0 > crw-r--r-- 1 root root 180, 0 Aug 27 11:26 /dev/usb/hiddev0 > root@mylxc:~# cat /dev/usb/hiddev0 > cat: /dev/usb/hiddev0: Operation not permitted > > In both cases (lxc-attach and ssh) I am the root user (verified via whoami), > so this cannot be the problem. > > Why am I not allowed to access the device when I am connected via SSH?
Can you look at your cgroup membership in both cases? _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users