Skip to content

Instantly share code, notes, and snippets.

@Vincent-Stragier

Vincent-Stragier/tutorial.md

Forked from crundberg/gist:a77b22de856e92a7e14c81f40e7a74bd
Last active August 18, 2024 07:58
Show Gist options
  • Save Vincent-Stragier/599758ba2b6ce30d0f5cf047f9f0d018 to your computer and use it in GitHub Desktop.
Save Vincent-Stragier/599758ba2b6ce30d0f5cf047f9f0d018 to your computer and use it in GitHub Desktop.
Download ZIP
Setup USB (COM port) pass-through on unprivileged Proxmox container
Raw
tutorial.md

Setup USB (COM port) pass-through on unprivileged Proxmox container

Preparation on host

First find your USB device with lsusb and note the ID. Here, the USB device is the Arduino SA Uno R3 (CDC ACM). The vendor is 2341 and the product is 0041.

root@home:~# lsusb
Bus 003 Device 003: ID 2341:0043 Arduino SA Uno R3 (CDC ACM)
Bus 003 Device 002: ID 0438:7900 Advanced Micro Devices, Inc. Root Hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0438:7900 Advanced Micro Devices, Inc. Root Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Run ls -la /dev/ttyACM0 and note cgroup, in my case it was 166 (/dev/ttyACM0 depends on what devices are plugged to the host).

root@home:~# ls -la /dev/ttyACM0
crw-rw---- 1 root dialout 166, 0 Mar 14 20:27 /dev/ttyACM0

Permission

To handle the permission for the device, at least two solutions exist:

  1. change the permission of /dev/ttyACM0 as follows:
chown 100000:100020 /dev/ttyACM0

Note that the previous permission were probably root:dialout (see the output of ls -la /dev/ttyACM0 above).

This will work until the host restart. To fix that, you can add chown 100000:100020 /dev/ttyACM0 at the end of the ~\.bashrc file.

  1. create a secondary directory with a symlink to the device and the correct permission.

Change 166 in mknod to the cgroup2 you noted in previous step. <CTID> is the ID of the LXC container (e.g., 100):

mkdir -p /lxc/<CTID>/devices
cd /lxc/<CTID>/devices/
mknod -m 660 ttyACM0 c 166 0
chown 100000:100020 ttyACM0
ls -al /lxc/<CTID>/devices/ttyACM0

Device mapping

Run nano /etc/pve/lxc/<CTID>.conf and add the last two rows for cgroup2 and mount. Change 166 in cgroup2 to the cgroup2 you noted before.

arch: amd64
cores: 1
features: nesting=1
hostname: CT<CTID>
memory: 512
net0: name=eth0,bridge=vmbr0,firewall=1,gw=10.0.0.1,hwaddr=DE:AD:BE:EF:FE:ED,ip=10.0.0.2/24,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-<CTID>-disk-0,size=4G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.mount.entry: /dev/ttyACM0 dev/ttyACM0 none bind,optional,create=file

Using the second method, the last line should be:

lxc.mount.entry: /lxc/<CTID>/devices/ttyACM0 dev/ttyACM0 none bind,optional,create=file

Note that in the container, the device is noted dev/[...], not /dev/[...]. When running the container, the device will be available via /dev/[...].

References

  1. https://gist.github.com/crundberg/a77b22de856e92a7e14c81f40e7a74bd
  2. https://doc.turris.cz/doc/en/public/deconz_lxc_howto
  3. https://www.xmodulo.com/change-usb-device-permission-linux.html
  4. https://monach.us/automation/connecting-zwave-stick-under-lxc
  5. https://blog.benoitblanchon.fr/lxc-unprivileged-container
  6. https://gist.github.com/Yub0/518097e1a9d179dba19a787b462f7dd2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment