LXC USB Device Passthrough
I am trying to create an LXC container running mythtv (server) .. .which needs access to USB tuners
There seems to be a dearth of information on how to pass USB devices through to an LXC container
This post discusses the need to set cgroups appropriately https://unix.stackexchange.com/questions/137931/usb-passthrough-for-lxc-containers
The host is Ubuntu 14.04 (Trusty) which is successfully running other unprivileged LXC containers accessed via X2Go and direct to X11 (1 of each type running "permanently" and working well). The base config has (only) been changed to place container storage in a custom location (dedicated LVM partition).
The container in question is (a) privileged (b) running Ubuntu Trusty AMD64 (c) has cgroups set in the config file "lxc.cgroup.devices.allow = c 189:* rwm" which seems appropriate given that the major / minor ids of the USB devices in question are found using "ls -la /dev/bus/usb/003/"
Apparmor doesn't seem to be the primary issue (though I could be wrong) I have tried setting "lxc.aa_profile = unconfined", which didn't seem to help. I also created a custom Apparmor profile which just led to a series of cgroup errors. I'm stumped and don't even know where to start - Google searches turn up discussions of Libvirt based USB passthrough and a patch for LXC USB passthrough, but no instructions for non-Libvirt situations
Could someone please advise how to go about this.
Thanks
Basically the answer is that -
-
You need to bind mount the host devices you want to access eg.
mount --bind /dev/dvb /path_to_your_container/rootfs/dev/dvb
.... remember to create the target directory first
- Ensure you're either using a privileged container or you have granted the host's
owner
of an unprivileged container access to the device(s) you mounted above - Add the relevant cgroup entry in your container config file (or
/etc/lxc/lx.conf
for all privileged containers) ie.lxc.cgroup.devices.allow = c xxx:* rwm
wherexxx
= the "major" part of the major:minor id found usingls -la /dev/dvb
say ..... 212 for DVB or 189 for USB (on my system), thus for my case, dvb access is granted vialxc.cgroup.devices.allow = c 212:* rwm
Apparmor changes are unnecessary .. the bind mount and cgroup entry were sufficient to enable container access to DVB devices (which happen to be USB devices BUT it was not necessary to enable access to "USB" devices as well ... just the DVB devices in /dev/dvb)