[libvirt-users] LXC + USB passthrough = Operation not permitted

Filip Maj fil at saucelabs.com
Mon Apr 14 17:44:41 UTC 2014 

So, if I remove the hostdev element related to the USB device, running
`lsusb` and `usb-devices` inside the container lists the proper device, but
I do not see the appropriate character device bus for the Android device
under /dev/bus/usb. We are not entirely sure that `lsusb` and `usb-devices`
queries the appropriate location - it somehow gets information from the
host, not the guest container, as far as we can tell.

If we specify the appropriate usb bus character device path (like you
suggest, Cheng), then it does appear inside the container, but the
permissions and ownership on the device seem to be incorrect. Here are the
details of the appropriate device busses in the host (002 and 003 are the
specific Android devices):

$ ll /dev/bus/usb/002
total 0
drwxr-xr-x  2 root root         100 Apr  9 18:14 ./
drwxr-xr-x 10 root root         200 Apr  9 18:14 ../
crw-rw-r--  1 root root    189, 128 Apr  9 18:14 001
crw-rw-r--  1 root plugdev 189, 129 Apr  9 18:14 002
crw-rw-r--  1 root plugdev 189, 130 Apr 10 15:25 003

Then, I removed the old mode="subsystem" hostdev element and added the
following hostdev elements:

        <hostdev mode='capabilities' type='misc'>
          <source>
            <char>/dev/bus/usb/002/002</char>
          </source>
        </hostdev>
        <hostdev mode='capabilities' type='misc'>
          <source>
            <char>/dev/bus/usb/002/003</char>
          </source>
        </hostdev>

Then I get inside the guest container and list out the usb busses we just
mounted:

$ ll /dev/bus/usb/002/
total 0
drwxr-xr-x 2 root root       80 Apr 14 17:43 ./
drwxr-xr-x 3 root root       60 Apr 14 17:43 ../
crwx------ 1 root root 189, 129 Apr 14 17:43 002
crwx------ 1 root root 189, 130 Apr 14 17:43 003

You can see the group that owns the character devices is different, and the
read/write permissions are different, too. Not sure if this is the root of
the issue, but, I noticed that difference. In any case, the Android devices
are still not recognized by the container.

Any help is appreciated!

Cheers,
Fil


On Sun, Apr 13, 2014 at 8:50 PM, WANG Cheng D <
Cheng.d.Wang at alcatel-sbell.com.cn> wrote:

>  Can you see the USB device in the lxc?
>
> My answering assumes you cannot see the USB device in the container. If
> you can see it, please ignore my answer.
>
> According to my understanding, “hostdev mode='subsystem' “ is used with
> KVM only. We use this if we want to passthrough a device to a KVM virtual
> machine. After doing that, the host machine will lose control of the
> device. If container is used, the container is not a real virtual machine,
> it’s just a group of processes and it shares the OS kernel with the host.
> If a device cannot be seen by the host machine, I guess it also cannot been
> seen by the container.
>
> I used the following XML scripts to expose a third-party PCIe card to the
> container successfully, and I can access the card in the lxc.
>
> <hostdev mode=’capabilities’ type=’misc’>
>
>    <source>
>
>        <char/dev/mydevice</char>
>
>   </source>
>
> </hostdev>
>
> Although I am not sure if my card is a char device, but it really works.
>
> If I use “ hostdev mode=’subsystem’”, it will fail to expose the PCIe card.
>
>
>
> *From:* Filip Maj [mailto:fil at saucelabs.com]
> *Sent:* 2014年4月14日 11:26
> *To:* WANG Cheng D
> *Cc:* libvirt-users at redhat.com
> *Subject:* RE: [libvirt-users] LXC + USB passthrough = Operation not
> permitted
>
>
>
> Hi Chang Weng,
>
> Thanks for answering!
>
> Could you explain why subsystem=USB does not make sense? I was simply
> following the documentation for USB devices (right above the section you
> linked to).
>
> For what it's worth, I've also tried mounting the specific character
> device related to the appropriate android device into the container in the
> way you suggest, with no luck; `adb` still does not recognize the device.
>
> On Apr 13, 2014 7:10 PM, "WANG Cheng D" <Cheng.d.Wang at alcatel-sbell.com.cn>
> wrote:
>
> Dear Fil,
>
> I am not sure if my answer can help you.
>
> I had ever asked a similar question to Daniel and I was using a
> thirty-party card. As a container uses a shared kernel with the host, so
> hostdev mode='subsystem' doesn’t make sense. Maybe you can try to use
> hostdev mode='capabilities’. Please see
> http://libvirt.org/formatdomain.html#elementsHostDevCaps
>
> Hope this helps
>
> Cheng Wang
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20140414/f065e0b2/attachment.htm>

More information about the libvirt-users mailing list