USB devices "source" path

derek@dmbr incus % ./incus config device add debian-container tmp-dev disk source=/dev path=/mnt/dev recursive=true
Device tmp-dev added to debian-container

derek@dmbr incus % ./incus exec debian-container -- ls -lh /dev/
total 0
crw------- 1 root   tty     136,   0 Nov 16 22:19 console
lrwxrwxrwx 1 root   root          11 Nov 16 22:19 core -> /proc/kcore
lrwxrwxrwx 1 root   root          13 Nov 16 22:19 fd -> /proc/self/fd
crw-rw-rw- 1 nobody nogroup   1,   7 Nov 16 20:13 full
crw-rw-rw- 1 nobody nogroup  10, 229 Nov 16 22:19 fuse
drwxr-xr-x 2 nobody nogroup       60 Nov 16 20:13 incus
lrwxrwxrwx 1 root   root          12 Nov 16 22:19 initctl -> /run/initctl
lrwxrwxrwx 1 root   root          28 Nov 16 22:19 log -> /run/systemd/journal/dev-log
drwxrwxrwt 2 nobody nogroup       40 Nov 16 20:12 mqueue
drwxr-xr-x 2 root   root          60 Nov 16 22:19 net
crw-rw-rw- 1 nobody nogroup   1,   3 Nov 16 20:13 null
crw-rw-rw- 1 root   root      5,   2 Nov 16 22:19 ptmx
drwxr-xr-x 2 root   root           0 Nov 16 22:19 pts
crw-rw-rw- 1 nobody nogroup   1,   8 Nov 16 20:13 random
drwxrwxrwt 2 root   root          40 Nov 16 22:19 shm
lrwxrwxrwx 1 root   root          15 Nov 16 22:19 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root   root          15 Nov 16 22:19 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root   root          15 Nov 16 22:19 stdout -> /proc/self/fd/1
crw-rw-rw- 1 nobody nogroup   5,   0 Nov 16 20:18 tty
crw-rw-rw- 1 nobody nogroup   1,   9 Nov 16 20:13 urandom
crw-rw-rw- 1 nobody nogroup   1,   5 Nov 16 20:13 zero
crw-rw-rw- 1 nobody nogroup  10, 249 Nov 16 20:13 zfs

That will handle the device issue.

Oops, you want ls -lh /mnt/dev not ls -lh /dev

Yeah, I was wondering what you were looking for there

derek@dmbr incus % ./incus exec debian-container -- ls -lh /mnt/dev/

...

crw-rw----  1 nobody nogroup 166,     0 Nov 16 20:13 ttyACM0
crw-rw----  1 nobody nogroup 166,     1 Nov 16 21:35 ttyACM1

....

Okay, do you also see something in ls -lh /mnt/dev/serial/by-id/?

derek@dmbr incus % ./incus exec debian-container -- ls -lh /mnt/dev/serial/by-id/
total 0
lrwxrwxrwx 1 nobody nogroup 13 Nov 16 20:12 usb-0658_0200-if00 -> ../../ttyACM0
lrwxrwxrwx 1 nobody nogroup 13 Nov 16 21:35 usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2122506-if00 -> ../../ttyACM1

as expected

Ah, funny, you have the same zwave/zigbee combo that I used to have

the best !

So yeah, unix-char source=/dev/serial/by-id/usb-0658_0200-if00 path=/dev/zwave should get you the z-wave one and unix-char source=/dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2122506-if00 path=/dev/zigbee should get you the zigbee one.

That is, once the PR above has been merged and the fix rolled out.

Lovely !
I’ll be following up on this then !

Thanks again !

Tracking for the serial device reporting:

Hurray !

derek@dmbr incus % ./incus console --show-log zjs --project=jarvis  
[WARN  tini (21)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.
Starting zwave-server: zwave-server /dev/zwave --config options.js --disable-dns-sd
19:30:50.280 DRIVER   ███████╗        ██╗    ██╗  █████╗  ██╗   ██╗ ███████╗          ██╗ ███████╗
                      ╚══███╔╝        ██║    ██║ ██╔══██╗ ██║   ██║ ██╔════╝          ██║ ██╔════╝
                        ███╔╝  █████╗ ██║ █╗ ██║ ███████║ ██║   ██║ █████╗            ██║ ███████╗
                       ███╔╝   ╚════╝ ██║███╗██║ ██╔══██║ ╚██╗ ██╔╝ ██╔══╝       ██   ██║ ╚════██║
                      ███████╗        ╚███╔███╔╝ ██║  ██║  ╚████╔╝  ███████╗     ╚█████╔╝ ███████║
                      ╚══════╝         ╚══╝╚══╝  ╚═╝  ╚═╝   ╚═══╝   ╚══════╝      ╚════╝  ╚══════╝
19:30:50.281 DRIVER   version 15.16.0
19:30:50.281 DRIVER   
19:30:50.281 DRIVER   starting driver...
19:30:50.281 DRIVER   opening serial port /dev/zwave

Uh oh…

derek@dmbr incus % ./incus console --show-log zjs --project=jarvis  
19:30:59.302 DRIVER   Failed to open the serial port: Error: Permission denied, cannot open /dev/zwa
                      ve
19:30:59.303 DRIVER   destroying driver instance...
19:30:59.304 DRIVER   driver instance destroyed
19:30:59.304 SERVER   [ERROR] failed starting driver.
ZWaveError: Failed to open the serial port: Error: Permission denied, cannot open /dev/zwave (ZW0100)
    at Driver.openSerialport (file:///app/node_modules/zwave-js/src/lib/driver/Driver.ts:1843:9)
    at Immediate.<anonymous> (file:///app/node_modules/zwave-js/src/lib/driver/Driver.ts:1606:5)

When I was running it on Ubuntu, I had to do some apparmor configuration, does this still required within IncusOS ?

Hmm, what’s your current incus config show --expanded zjs?

derek@dmbr incus % ./incus config show --expanded zjs --project jarvis
architecture: x86_64
config:
  environment.BUILD_VERSION: 3.4.0-15.16.0-f9c87f1a
  environment.ENABLE_DNS_SD: "false"
  environment.HOME: /root
  environment.LOGFILENAME: /logs/zwavejs
  environment.LR_S2_ACCESS_CONTROL_KEY: <redacted>
  environment.LR_S2_AUTHENTICATED_KEY: <redacted>
  environment.NODE_ENV: production
  environment.PATH: /app/node_modules/.bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  environment.RF_REGION: USA (Long Range)
  environment.S0_LEGACY_KEY: <redacted>
  environment.S2_ACCESS_CONTROL_KEY: <redacted>
  environment.S2_AUTHENTICATED_KEY: <redacted>
  environment.S2_UNAUTHENTICATED_KEY: <redacted>
  environment.TERM: xterm
  environment.USB_PATH: /dev/zwave
  environment.ZWAVEJS_EXTERNAL_CONFIG: /cache/db
  image.architecture: x86_64
  image.description: docker.io/kpine/zwave-js-server (OCI)
  image.id: kpine/zwave-js-server:latest
  image.type: oci
  oci.cwd: /app
  oci.entrypoint: /sbin/tini -- docker-entrypoint.sh
  oci.gid: "0"
  oci.uid: "0"
  raw.apparmor: /dev/ttyACM0 rw, /dev/ttyACM1 rw, /dev/zwave rw,
  volatile.base_image: d40f9e798ae8a4bc6a57fbb2328b6027625f217496d55d7698e04ffaa205d80c
  volatile.cloud-init.instance-id: c83f70b1-1d1e-48b1-a0bc-7c391c6cc30b
  volatile.container.oci: "true"
  volatile.eth0.hwaddr: <redacted>
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: STOPPED
  volatile.last_state.ready: "false"
  volatile.uuid: 457408c4-2f4a-44ce-b298-feced13d2813
  volatile.uuid.generation: 457408c4-2f4a-44ce-b298-feced13d2813
devices:
  eth0:
    name: eth0
    network: jarvis
    type: nic
  root:
    path: /
    pool: local
    type: disk
  zwave:
    path: /dev/zwave
    source: /dev/serial/by-id/usb-0658_0200-if00
    type: unix-char
ephemeral: false
profiles:
- default
stateful: false
description: ""

Okay, I don’t know if it drops privileges and runs as non-root or what, but I’d suggest playing with uid, gid and mode on the device to see if you can get it work that way.

I’ll do some test but curious to understand why this was working when running in Incus under Ubuntu ?

Possibly because the default permissions on the host were more permissive, that may depend on the specific udev rules they had there for those kind of devices.

If you’re hitting an apparmor issue instead, then it should show up the system log.