[libvirt-users] accessing USB as storage device through lxc container.

Martin Kletzander mkletzan at redhat.com
Wed Feb 8 13:18:42 UTC 2017 

On Tue, Feb 07, 2017 at 11:00:54AM -0800, ravi mh wrote:
>Thanks Martin for the info.
>
>
>
>I have tried the below snippet in the libvirt xml.
>
> <hostdev mode='capabilities' type='storage'>
>      <source>
>        <block>/dev/sdc1</block>
>      </source>
>    </hostdev>
>

I meant <filesystem/> not <hostdev/>

>------------
>
>root at ir800-lxc:~# mount /dev/sdc1 /mnt/usbdr/
>
>mount: permission denied (are you root?)
>

I meant you do this in the host.

>----------
>
>It works if the usernamespace is not enabled.
>

This is probably the problem.  Your root in the container is essentially
just a regular user in the host, so it can't mount it.  If you want to
pass the /dev/sdc into the container and mount it there with the user
namespace turned on, I don't know if there is a way to do this without
FUSE or other userspace utilities.

>
>
>The reason being, we have enabled the username and hence its unprivileged
>container.
>
>As per this patch:
>https://www.redhat.com/archives/libvir-list/2012-November/msg01555.html,
>the capabilities with USB as storage is available for mounting if its
>privileged container.
>
>Is there a way to mount this inside the container with usernamespace
>enabled and with some capabilities turned on?
>

I think you have to have CAP_SYS_ADMIN (for mount(2)) and also be root.

Maybe Daniel will know, since he implemented the possibility for
mode='capabilities' hostdevs for LXCs.

>
>
>Regards,
>*Ravi M H*
>
>
>
>On Thu, Feb 2, 2017 at 9:09 PM, Martin Kletzander <mkletzan at redhat.com>
>wrote:
>
>> On Thu, Feb 02, 2017 at 06:30:24PM -0800, ravi mh wrote:
>>
>>> Hi all,
>>>
>>> I am not able to access USB as storage device in the lxc container.
>>> Having tried to pass the usb device with the product and vendor id, not
>>> able to see the device mounted in the lxc file system.
>>>
>>>
>> It won't be mounted, it will just be passed through as a device,
>> i.e. you will see it in the lsusb output.  If you need to mount it, then
>> it needs to be done either in the container (for which you might need
>> some capability) or mounted on the host and just using device
>> <filesystem/> instead.
>>
>> However, they are seen as char devices in the container at the location.
>>> There is no issue of ACL, as the capabilities restrictions have been
>>> dropped.
>>>
>>> Has anyone successfully mounted the storage device in the libvirt.  Having
>>> gone through the libvirt documentation, couldnt find further information
>>> of
>>> enabling the usb as storage device.  Any pointers towards that would be
>>> useful.
>>>
>>>
>>> Host OS:
>>>
>>> IR800-GOS-1:~# lsusb
>>> Bus 001 Device 003: ID 8644:800b
>>> Bus 001 Device 001: ID 1d6b:0002
>>> Bus 002 Device 001: ID 1d6b:0001
>>> IR800-GOS-1:~#
>>>
>>> Lxc app container:
>>>
>>> root at ir800-lxc:/mnt/usb# ls -la  /dev/bus/usb/001/003
>>> *crwx-*-----    1 root     root      189,   2 Feb  3 01:44
>>> /dev/bus/usb/001/003
>>>
>>>
>>>
>>> ----------libvirt xml snippet ------------
>>>
>>>    <hostdev mode='subsystem' type='usb' managed='yes'>
>>>      <source>
>>>        <vendor id='0x8644'/>
>>>        <product id='0x800b'/>
>>>      </source>
>>>    </hostdev>
>>>
>>> -----------------------------
>>> while changing the mode from subsystem to capabilities, it issues error
>>> for
>>> validating against the schema.
>>>
>>> ---------------while changing the hostdev mode='capabilities'----------
>>>
>>> virsh # edit n01_1
>>> *error: XML document failed to validate against schema: Unable to validate
>>> doc against /usr/share/libvirt/schemas/domain.rng*
>>> Extra element devices in interleave
>>> Element domain failed to validate content
>>>
>>> Failed. Try again? [y,n,i,f,?]:
>>> error: XML document failed to validate against schema: Unable to validate
>>> doc against /usr/share/libvirt/schemas/domain.rng
>>>
>>> --------------------------------------------
>>>
>>>
>>> Regards,
>>> *Ravi*
>>>
>>
>> _______________________________________________
>>> libvirt-users mailing list
>>> libvirt-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/libvirt-users
>>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20170208/743c080b/attachment.sig>

More information about the libvirt-users mailing list