Raw.lxc issue - USB Stick passthrough to unprivileged container

Hello there, I’m trying to add a USB device to an unprivileged container.

That failed until I found this:

printf 'lxc.cgroup2.devices.allow = c 13:* rwm\nlxc.mount.entry = usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0 dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0 none bind,optional,create=file\nlxc.cgroup2.devices.allow = c 188:* rwm\nlxc.mount.entry = /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file\n' | lxc config set openhabserver raw.lxc -

The problem is that since I added that to my config, the container starts but it fails to start some services, and the container also receives no IP from DHCP.

Is there someone who has already had something similar in the past?

Looking forward to your feedback.

If you have any questions, don’t hesitate to ask.

Best regards

Jan

OK, now the simple solution. Don’t rely on any howtos.

I’ve studied the logs (lxc info --show-log openhabserver) and also checked my configuration.

After some tests I now know that it’s working fine with a privileged container, but I want to use an unprivileged container.

As a next step I just removed the cgroup2 entries from the raw.lxc strings given in the howto, with the result that I don’t need to add them (then the container was starting up again):

lxc.cgroup2.devices.allow: c 13:* rwm
lxc.cgroup2.devices.allow: c 188:* rwm

(I don’t know why; I really need to study cgroup/cgroup2 and lxc)

This entry plus correct rights on the device on the root system are enough to work with the device inside an unprivileged container.

lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file