> On Tue, Jan 28, 2020 at 08:24:30AM +0000, Tim Jaacks wrote:
>> Hello everyone,
>>
>> I have a problem where a physical hardware device passed through to an LXC
>> container cannot be read from or written to when I am connected via SSH.
>>
>> The device node of my physical hardware device looks like this:
>>
>> myuser@myhost:~$ ls -la /dev/usb/hiddev0
>> crw-rw-rw- 1 root root 180, 0 Jul 30 10:27 /dev/usb/hiddev0
>>
>> This is how I create and start my container:
>>
>> myuser@myhost:~$ sudo lxc-create -q -t debian -n mylxc -- -r stretch
>> myuser@myhost:~$ sudo lxc-start -n mylxc
>>
>> Then I add the device node to the LXC:
>>
>> myuser@myhost:~$ sudo lxc-device -n mylxc add /dev/usb/hiddev0
>>
>> Afterwards the device is available in the LXC and I can read from it after
>> having attached to the LXC:
>>
>> myuser@myhost:~$ sudo lxc-attach -n mylxc
>> root@mylxc:/# ls -la /dev/usb/hiddev0
>> crw-r--r-- 1 root root 180, 0 Aug 27 11:26 /dev/usb/hiddev0
>> root@mylxc:/# cat /dev/usb/hiddev0
>> ??????????^C
>> root@mylxc:/#
>>
>> I then enable root access via SSH without a password:
>>
>> myuser@myhost:~$ sudo lxc-attach -n mylxc
>> root@mylxc:/# sed -i 's/#\?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
>> root@mylxc:/# sed -i 's/#\?PermitEmptyPasswords.*/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config
>> root@mylxc:/# sed -i 's/#\?UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config
>> root@mylxc:/# passwd -d root
>> passwd: password expiry information changed.
>> root@mylxc:/# /etc/init.d/ssh restart
>> Restarting ssh (via systemctl): ssh.service.
>> root@mylxc:/# exit
>>
>> When I connect via SSH now, the device node is there, but I cannot access it:
>>
>> myuser@myhost:~$ ssh root@<lxc-ip-address>
>> root@mylxc:~# ls -la /dev/usb/hiddev0
>> crw-r--r-- 1 root root 180, 0 Aug 27 11:26 /dev/usb/hiddev0
>> root@mylxc:~# cat /dev/usb/hiddev0
>> cat: /dev/usb/hiddev0: Operation not permitted
>>
>> In both cases (lxc-attach and ssh) I am the root user (verified via whoami),
>> so this cannot be the problem.
>>
>> Why am I not allowed to access the device when I am connected via SSH?
>
> Can you look at your cgroup membership in both cases?
>
I am not sure what this means exactly. I have tried reading /proc/<pid>/cgroups
of both the SSH process (upper) and the lxc-attach process (lower):

tim.jaacks@a048:~$ cat /proc/26732/cgroup
11:pids:/lxc/mylxc/system.slice/ssh.service
10:net_cls,net_prio:/lxc/mylxc
9:perf_event:/lxc/mylxc
8:freezer:/lxc/mylxc
7:cpuset:/lxc/mylxc
6:rdma:/lxc/mylxc
5:memory:/lxc/mylxc
4:cpu,cpuacct:/lxc/mylxc
3:devices:/lxc/mylxc/system.slice/ssh.service
2:blkio:/lxc/mylxc
1:name=systemd:/lxc/mylxc/system.slice/ssh.service
0::/lxc/mylxc
tim.jaacks@a048:~$ cat /proc/26600/cgroup
11:pids:/user.slice/user-1001.slice/session-1528.scope
10:net_cls,net_prio:/
9:perf_event:/
8:freezer:/user/root/0
7:cpuset:/
6:rdma:/
5:memory:/user/root/0
4:cpu,cpuacct:/user.slice
3:devices:/user.slice
2:blkio:/user.slice
1:name=systemd:/user/root/0
0::/user.slice/user-1001.slice/session-1528.scope

Does this help? I have no idea what all these fields mean.
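
Added example, not part of the original messages: a small Python parser for the hierarchy-ID:controller-list:path lines of /proc/<pid>/cgroup, run over abbreviated copies of the two listings above, to show which controllers put the two processes in different cgroups. The function names and the cgroup v1 mount point /sys/fs/cgroup/devices are assumptions.

```python
# Constructed sample input: abbreviated copies of the two listings in the message.
SSH_PROC = """\
11:pids:/lxc/mylxc/system.slice/ssh.service
4:cpu,cpuacct:/lxc/mylxc
3:devices:/lxc/mylxc/system.slice/ssh.service
1:name=systemd:/lxc/mylxc/system.slice/ssh.service
0::/lxc/mylxc
"""
ATTACH_PROC = """\
11:pids:/user.slice/user-1001.slice/session-1528.scope
4:cpu,cpuacct:/user.slice
3:devices:/user.slice
1:name=systemd:/user/root/0
0::/user.slice/user-1001.slice/session-1528.scope
"""

def parse_cgroup(text):
    """Map each controller name to the cgroup path the process belongs to."""
    membership = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hier_id, controllers, path = line.split(":", 2)  # the path may contain ':'
        # An empty controller list marks the cgroup v2 (unified) hierarchy.
        for name in (controllers.split(",") if controllers else ["unified"]):
            membership[name] = path
    return membership

def diff_membership(a, b):
    """Return {controller: (path_a, path_b)} for controllers whose paths differ."""
    names = sorted(a.keys() | b.keys())
    return {n: (a.get(n), b.get(n)) for n in names if a.get(n) != b.get(n)}

def devices_list_file(membership, mount="/sys/fs/cgroup/devices"):
    """Path of the cgroup v1 devices.list for this process (mount point assumed)."""
    return mount + membership["devices"].rstrip("/") + "/devices.list"

if __name__ == "__main__":
    ssh, attach = parse_cgroup(SSH_PROC), parse_cgroup(ATTACH_PROC)
    for ctrl, (p_ssh, p_attach) in diff_membership(ssh, attach).items():
        print(f"{ctrl:13} ssh={p_ssh}  attach={p_attach}")
    print(devices_list_file(ssh))
    print(devices_list_file(attach))
```

On cgroup v1 the devices controller decides per cgroup which device nodes may be opened, so the devices.list file of each process's cgroup is the next thing to compare.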