LXC USB Passthrough [Solved]

datamonkey
New here
Posts: 3
Joined: Tue Sep 29, 2020 5:14 am

Post by datamonkey »

I finally figured out how to get USB passthrough working to an LXC container and thought I'd share in case it can help others. I saw a series of questions in the forum (and here and here), but no solutions on how to fix it.

The Problem
In my case, I was trying to get a YubiHSM to be accessible in an LXC-based Ubuntu 18.04 container. The Yubi was always visible in the container, but couldn't be accessed. The YubiHSM shell running in the container couldn't connect to it and would error out with this in the logs:
WARN[0020] status failed to open usb device X-Request-ID=17c1d0b5-7f3e-453c-bd2c-b868b9166885 error='libusb: no device (code -4)'
I tried adding devices to the container in Container Station (specifically TTY and Input), but that didn't work. I could get it all to work in a virtual machine, but couldn't get things to function in a container.

The Solution
I found a similar situation on GitHub and used the instructions there to get it working on the NAS. There is probably an easier route to do this, but this is the only route I found. Steps 1 to 5 below identify the container's directory and its config files. Skip to Step 6 if you already know where all that is.

1. Log in as an admin via SSH
2. Find your LXC path by running:
[/var/lib/lxc/YubiHSM] # lxc-config lxc.lxcpath
/var/lib/lxc
3. cd into the directory you just found: cd /var/lib/lxc (yours may be different)
4. Each container and its config files will be in a subdirectory. Find your container using 'ls' and 'cd' into that directory. My container was named 'YubiHSM', so the command was: cd YubiHSM
5. 'ls' now will list all of the config files as well as the root file system for the container. The config settings are in qconfig:
[/var/lib/lxc/YubiHSM] # cat qconfig
lxc.cgroup.cpu.cfs_quota_us = 400000
lxc.cgroup.memory.limit_in_bytes = 10485760000
lxc.cgroup.devices.allow = c 4:* rwm
lxc.cgroup.devices.allow = c 13:* rwm
lxc.start.auto = 1
lxc.utsname = YubiHSM
I recommend making a backup of that file before manipulating it. Now we need to figure out what to put there.

6. lsusb will list out the USB devices. The key parts are the Bus and Device values. In my case, I found the YubiHSM by Yubico at Bus 003, Device 002:
ubuntu@YubiHSM:~$ lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 1050:0030 Yubico.com
Bus 003 Device 003: ID 0764:0601 Cyber Power System, Inc. PR1500LCDRT2U UPS
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 1005:b155 Apacer Technology, Inc.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
7. List out the device info using the Bus and Device values from above:
[/var/lib/lxc/YubiHSM] # ls -l /dev/bus/usb/003/002
crw------- 1 admin administrators 189, 257 2020-11-10 09:34 /dev/bus/usb/003/002
You want the Major ID number, which is found after 'administrators' (189 in my case).

We're now ready to modify the qconfig file.
8. Append the following lines at the end of qconfig using the values you found above:
lxc.cgroup.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/003/002 dev/bus/usb/003/002 none bind,optional,create=file
The first line allows the container to access devices with the Major ID you found above. It's followed by a Minor ID, but this value can change when a device is unplugged and re-plugged back in, so the Minor ID is wildcarded with a * in this line. The final value on that line (rwm) allows the container to read-write-mount the device (you can remove a value for security reasons). The second line mounts the device in the container. It basically takes the device's location in the host OS and puts it in the exact same location in the Guest OS. Again, your values in that line are probably different, so use what you found above in Step 6.

9. Reboot the container and see if it worked!

Please let me know if there's an easier way to do this! It worked, but it's messy.
Model: TS-h1277XU-RP
FW: h4.5.1.1491
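
Steps 6 to 8 above as an added Python example, not code from the original post: it derives the two qconfig lines from the `lsusb` and `ls -l` output and checks that the node's minor number is consistent with its bus and device numbers before emitting anything. The function names and the embedded sample text (copied from steps 6 and 7) are assumptions of this example; the output lines use the same format as step 8.

```python
import re

# Constructed sample input: lsusb and ls -l output as shown in steps 6 and 7.
LSUSB = """\
Bus 003 Device 002: ID 1050:0030 Yubico.com
Bus 003 Device 003: ID 0764:0601 Cyber Power System, Inc. PR1500LCDRT2U UPS
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""
LS_LINE = "crw------- 1 admin administrators 189, 257 2020-11-10 09:34 /dev/bus/usb/003/002"

LSUSB_RE = re.compile(r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}:[0-9a-f]{4})", re.M)
NODE_RE = re.compile(r"c\S+\s.*?\s(\d+),\s*(\d+)\s.*\s(/dev/bus/usb/\d{3}/\d{3})$")


def find_device(lsusb_text, usb_id):
    """Return (bus, device) for the one device whose VID:PID equals usb_id."""
    matches = [(b, d) for b, d, i in LSUSB_RE.findall(lsusb_text) if i == usb_id.lower()]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one {usb_id}, found {len(matches)}")
    return matches[0]


def parse_node(ls_line):
    """Return (major, minor, path) from the ls -l line of a USB character device."""
    m = NODE_RE.match(ls_line.strip())
    if not m:
        raise ValueError("not an ls -l line for a /dev/bus/usb character device")
    return int(m.group(1)), int(m.group(2)), m.group(3)


def qconfig_lines(lsusb_text, ls_line, usb_id, access="rwm"):
    """Build the two lines from step 8. access: r=read, w=write, m=mknod."""
    if not access or set(access) - set("rwm"):
        raise ValueError("access must be a non-empty subset of 'rwm'")
    bus, dev = find_device(lsusb_text, usb_id)
    major, minor, path = parse_node(ls_line)
    if path != f"/dev/bus/usb/{bus}/{dev}":
        raise ValueError("ls -l output is for a different node than lsusb reports")
    # The kernel numbers USB device nodes as (bus-1)*128 + (device-1), so a
    # mismatch suggests the two outputs were captured on either side of a re-plug.
    if minor != (int(bus) - 1) * 128 + (int(dev) - 1):
        raise ValueError("minor number does not match bus/device; re-run steps 6 and 7")
    return [
        f"lxc.cgroup.devices.allow: c {major}:* {access}",
        f"lxc.mount.entry: {path} {path.lstrip('/')} none bind,optional,create=file",
    ]


if __name__ == "__main__":
    print("\n".join(qconfig_lines(LSUSB, LS_LINE, "1050:0030")))
```

Calling `qconfig_lines(LSUSB, LS_LINE, "1050:0030", access="rw")` emits the same cgroup rule without the `m` (mknod) permission.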
ymichel
New here
Posts: 8
Joined: Mon Apr 08, 2013 5:21 pm

Re: LXC USB Passthrough [Solved]

Post by ymichel »

I tried to follow your way but the moment I restart the lxc it is gone from the container station. Any clue on how I can solve that?