Exclusively attaching a 4G modem to an LXD container

Hi all, at the moment I’m trying to attach a 4G LTE modem to an unprivileged LXD container. This device is a cdc-ether device that creates a usb0 interface to which it provides a local IP address acting as a DHCP server.

[ 8.052001] usb 4-1: new high-speed USB device number 3 using ehci-platform
[ 8.244141] usb 4-1: New USB device found, idVendor=19d2, idProduct=1405
[ 8.244161] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 8.244172] usb 4-1: Product: ZTE WCDMA Technologies MSM
[ 8.244183] usb 4-1: Manufacturer: ZTE,Incorporated
[ 8.244194] usb 4-1: SerialNumber: MF8230ZTED010XXXXXXXXXXXXXXXXXXXXXXXXXX
[ 8.270387] usb-storage 4-1:1.2: USB Mass Storage device detected
[ 8.270758] scsi host0: usb-storage 4-1:1.2

[ 12.876134] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-1c1c000.usb-1, ZTE CDC Ethernet Device, 76:64:a7:10:3b:0a
[ 12.876336] usbcore: registered new interface driver cdc_ether

[ 14.155731] cdc_ether 4-1:1.0 usb0: kevent 12 may have been dropped

I would like to isolate this device from the host, by having the USB processes that lead to the usb0 interface being created completely happen in the container. Is something like this possible? This is not a libusb device (so the usb device type doesn’t work) and isn’t a block character device either.

So since the modem creates an ethernet device, you’re going to need to use nic passthrough instead.
Once the modem is plugged you can do:

lxc config device add CONTAINER-NAME usb0 nic nictype=physical parent=usb0

Which will make it disappear from the host and appear in your container.
Unfortunately we don’t have hotplug support for USB network devices, so you’re going to have to run that command by hand after it’s plugged in and run this prior to unplugging it:

lxc config device remove CONTAINER-NAME usb0

You may be able to use a udev hook or systemd unit on the host to automatically do this for you though.
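
The udev hook suggested in the last reply could look like the sketch below. It is an added example, not code from the thread or from the LXD project. The rules-file path, the script path and the DRY_RUN, CONTAINER and LXC variables are assumptions; the vendor/product IDs and the lxc commands are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed rules file on the host
# (hypothetical /etc/udev/rules.d/99-modem-lxd.rules, script path also assumed):
#   ACTION=="add", SUBSYSTEM=="net", ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1405", RUN+="/usr/local/sbin/modem-lxd.sh"
#   ACTION=="remove", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{PRODUCT}=="19d2/1405/*", RUN+="/usr/local/sbin/modem-lxd.sh"
# Removal keys on the USB device, not the net interface: the interface also
# leaves the host's view when LXD moves it into the container.

CONTAINER="${CONTAINER:-CONTAINER-NAME}"  # placeholder used in the thread
DEVICE="usb0"                             # LXD device name used in the thread
LXC="${LXC:-lxc}"                         # assumption: set an absolute path for udev

# Execute a command, or only print it when DRY_RUN is set (used for testing).
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Map one udev event to the matching lxc call; return 1 for ignored events.
handle_event() {
    action="$1"; subsystem="$2"; iface="$3"
    case "$action:$subsystem" in
        add:net)
            # The hook runs as root, so accept only a plain interface name
            # (allowed characters, at most 15 bytes) before passing it on.
            case "$iface" in
                ''|*[!A-Za-z0-9_.-]*) return 1 ;;
            esac
            [ "${#iface}" -le 15 ] || return 1
            run "$LXC" config device add "$CONTAINER" "$DEVICE" \
                nic nictype=physical "parent=$iface"
            ;;
        remove:usb)
            run "$LXC" config device remove "$CONTAINER" "$DEVICE"
            ;;
        *)
            return 1
            ;;
    esac
}

# udev passes ACTION, SUBSYSTEM and INTERFACE in the environment.
if [ -n "${ACTION:-}" ]; then
    handle_event "$ACTION" "${SUBSYSTEM:-}" "${INTERFACE:-}" || true
fi
```

Running it with DRY_RUN=1 and ACTION, SUBSYSTEM and INTERFACE set by hand prints the lxc command instead of executing it, which makes it possible to check the mapping before installing the rules.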