Mount DVD drive inside unpriviledged container not working

XuRuHang · March 28, 2019, 8:59pm

Hello

I’m currently using LXD containers for running Wine and games inside, thanks to great tutorials from Simos Xenitellis.
However there’s one issue I’m stuck with. I cannot mount a DVD inside the container (ubuntu 18.04 based). The host is also ubuntu 18.04 desktop.

It works if I set the container in privileged mode, but I would like to get access from unprivileged one.

lxc config device add ubuntu1804 cdrom unix-block source=/dev/sr0 path=/dev/sr0

sudo ls -la /var/lib/lxd/storage-pools/lxd-zfs/containers/ubuntu1804
total 16
drwxr-xr-x+  4 231072 231072    6 déc.  27 11:15 .
drwx--x--x   3 root   root   4096 déc.  27 11:15 ..
-r--------   1 root   root   4567 mars  28 21:46 backup.yaml
-rw-r--r--   1 root   root   1048 déc.   6 18:05 metadata.yaml
drwxr-xr-x  22 231072 231072   22 févr. 11 15:17 rootfs
drwxr-xr-x   2 root   root      7 déc.   6 18:05 templates

sudo setfacl -m u:231072:rwx /dev/sr0

# file: dev/sr0
# owner: root
# group: cdrom
user::rw-
user:laurent:rw-
user:231072:rwx
group::rw-
mask::rwx
other::---

Inside container:
sudo mount /dev/sr0 /mnt
mount: /mnt: permission denied.

No related messages in dmesg or /var/log/syslog

Any help would be appreciated !! Thanks

Lox · March 28, 2019, 10:26pm

Normal containers are not allowed to “mount” anything. You rather mount it in the host and add the mountpoint as a “disk” device.

gpatel-fr · March 28, 2019, 11:36pm

err, how about this:
https://stgraber.org/2017/03/27/usb-hotplug-with-lxd-containers/

IMO, it should work. But it does not, tried it myself with host 18.04/container 18.04 and host 16.04 / host 18.04 or 16.04 all with snap 3.11 (The OP did not say what is used but from the id used it’s probably snap too)

Lox · March 28, 2019, 11:45pm

In the howto he is adding a device of type USB not unix-block

simos · March 28, 2019, 11:52pm

@XuRuHang, is there a requirement for the container to mount the physical Unix block device? Such as due to some copy-protection restriction in the game? Or, you want to just access some game assets?

The full documentation of the LXD disk device is at https://github.com/lxc/lxd/blob/master/doc/containers.md#type-disk There are a few extra parameters to the lxc config device add ... disk line, such as the propagation parameter.

XuRuHang · March 30, 2019, 7:10am

@simos
yes exactly I would like to access optical drives in a more convenient way, both for copy protection (despite Wine is not dealing with all types, some are well managed) and also to access assets on the disk required by some games, or even during game installation.

I will dig in the documentation links sent, and will let you know

Thanks a lot!

XuRuHang · April 8, 2019, 8:23pm

I’m giving an update on this topic
Well I first tried to use “propagation” option for lxc config device but seems not working in my ubuntu 18.04 (LXD 3.0.3):
Invalid device configuration key for disk: propagation

I got more or less some success by following these steps:

load the cdrom on drive
unmount on host (was automounted)
type:
lxc config device add ubuntu1804 cdrom disk readonly=true source=/dev/sr0 path=/mnt/cdrom

then I was able to use the cdrom inside my container ubuntu1804

For changing CD, typed:
lxc config device remove ubuntu1804 cdrom
Then did steps 1 to 3 again with another CD

Works but not exactly as I wanted by giving full control inside the container : load cdrom in drive, then just mount it inside the container

Lox · April 9, 2019, 2:50am

Containers cannot mount anything, even a simple .img file.

You could write an udev rule that add/removes the device from the container when needed.