I ran into an issue with permissions while adding a character device to a running container.
The device is configured in a profile. When I add the profile to a running container, accessing the device only works partially. Depending on how I invoke a command that uses the device file, either the command can access the device, or opening the device file results in error EPERM.
lxc exec <container> -- sudo -u <user> <command> works, while
ssh <user>@<container-ip> -- <command> results in EPERM.
If I add the profile before starting the container (or restart the container after adding it), accessing the device always works as expected.
Am I expected to add the device before starting the container, or did I miss something in the configuration? Any hints are highly appreciated.