LXC, unprivileged, can't write on re-connected /dev/ttyUSB0 modem

Dear all,
I am trying to solve the following issue:
I have a GSM modem connected to a system as host + 1 unprivileged container, as /dev/ttyUSB0. At system boot, with the modem connected, I see:
host :
crw-rw---- 1 root groupa 188, 0 1970-01-01 00:00 ttyUSB0
crw-rw---- 1 65534 root 188, 0 1970-01-01 00:00 ttyUSB0

All is OK. Then, I reset the modem by a reset signal. Once properly re-detected, I see
crw-rw---- 1 root groupa 188, 0 2018-02-15 09:59 ttyUSB0
c--------- 0 65534 65534 188, 0 1970-01-01 00:00 ttyUSB0

So, on the host, I have to re-add the device by lxc-device
lxc-device -P /var/lib/lxcs -n gpx add /dev/ttyUSB0

Then, after attach, on the unprivileged I find:
crw-r----- 1 65534 65534 188, 0 2018-02-15 10:02 ttyUSB0

Coming back on the host, I can chmod 666 but then on the unprivileged it appears as
crw-r--r-- 1 65534 65534 188, 0 2018-02-15 10:02 ttyUSB0

So, I cannot write AT commands anymore on the modem after a reset.
Any help is really appreciated.

Looks like the device gets disconnected and reattached when you trigger that reset, causing the permissions to change.

Assuming you’re not mixing multiple of those USB serial devices, it may be easiest to manually mknod a copy of ttyUSB0, chown it to the right uid and gid and then bind-mount that into the container.

An alternative would be to set up a udev hook on your host which would fix the permissions whenever the device re-appears.

Hi stgraber,
many thanks.
By the way, could you maybe explain the procedure step by step?
I cannot mknod since the ttyUSB0 device is already there in the host, and in the container it is c--------- 0,
only lxc-device is applying, but it seems not to be able to set it to crw-rw---- again.

You don’t have to mknod it under /dev, you can perfectly mknod it under /var/lib/lxc/CONTAINER-NAME/devices/ttyUSB0 or something and then chown/chmod it as needed and bind-mount it into the container with a lxc.mount.entry config option.


OK, clear, thanks.
By the way, in this way do I have to restart the container to see the bind-mount applied?

You would indeed, but it would be in the container even if the device isn’t physically connected yet, so hopefully it’d just be a one time thing.
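
The mknod, chown and bind-mount procedure described in the replies above, as an added example that is not part of the original thread. The major/minor numbers, lxcpath and container name are taken from the posts; the id-map ranges, the choice of container uid/gid 0, mode 660 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Major/minor 188,0, lxcpath /var/lib/lxcs
# and container "gpx" come from the posts; the id map below is constructed.
LXCPATH=/var/lib/lxcs
NAME=gpx
SAMPLE_IDMAP='lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536'

# map_id KIND ID: read container config on stdin and print the host id that
# container id ID maps to (KIND is u or g). Fails if ID is outside every range,
# which is the case that shows up as 65534 inside the container.
map_id() {
    awk -v kind="$1" -v id="$2" '
        ($1 == "lxc.idmap" || $1 == "lxc.id_map") && $3 == kind &&
        id >= $4 && id < $4 + $6 { print $5 + id - $4; found = 1; exit }
        END { if (!found) exit 1 }'
}

# mount_entry NODE DEVNAME: config line that bind-mounts NODE at /dev/DEVNAME.
mount_entry() {
    printf 'lxc.mount.entry = %s dev/%s none bind,create=file 0 0\n' "$1" "$2"
}

# make_node NODE MAJOR MINOR HOST_UID HOST_GID: create the private copy of the
# character device and give it to the mapped ids (needs root on the host).
make_node() {
    mkdir -p "$(dirname "$1")"
    [ -c "$1" ] || mknod "$1" c "$2" "$3"
    chown "$4:$5" "$1"
    chmod 660 "$1"   # assumed mode, matching the crw-rw---- seen at boot
}

if [ "${1:-}" = "--apply" ]; then
    conf="$LXCPATH/$NAME/config"
    node="$LXCPATH/$NAME/devices/ttyUSB0"
    # Assumption: the modem should belong to container uid 0 / gid 0.
    uid=$(map_id u 0 < "$conf") && gid=$(map_id g 0 < "$conf") || exit 1
    make_node "$node" 188 0 "$uid" "$gid"
    # Append the bind-mount once; it takes effect on the next container start.
    grep -qF "$node" "$conf" || mount_entry "$node" ttyUSB0 >> "$conf"
fi
```

Because the node lives outside the host's /dev, a modem reset that makes udev recreate /dev/ttyUSB0 does not touch its owner or mode.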