Work has given me a Yubikey (5C nano, but I don’t think that matters), and I want that to work in an LXC guest.
I haven’t found any good guides to doing that, but it might boil down to making the device visible inside the guest, and I have seen a couple of guides on making other devices accessible inside Proxmox - that at least sometimes (?) is based on LXC.
We do it in Incus and it’s actually something we have daily tests for (with an older Yubikey).
To do it manually with LXC, you’ll most likely want to run something like udevadm monitor, then unplug and replug your yubikey and see what devices get created.
I seem to remember the most important ones being /dev/hidrawXYZ devices, passing those into the container should give it access. (lxc-device may be useful for that)
There have been some other issues that have taken priority, so I haven’t spent much time on this.
I should perhaps start by saying that I run Debian stable (and have done for longer than Ubuntu - and thereby all solutions that have been developed there - existed), i.e. no Incus, just plain LXC.
udevadm monitor outputs a lot, but I can see some hidrawN devices mentioned.
But when I try lxc-device --name <guest> add /dev/hidraw1, I just get error 1, with the string “0” in $!. That is whether guest is running or not. Could it be because my guests are unprivileged? I like the fact that they are entirely running without privileges to trash the system. If that is the case, is it still possible?
The above is when running the command as an ordinary user (the one that owns the guests), if I try as root (by putting sudo in front of the command), I’m told:
lxc-device: <guest>: ../src/lxc/tools/lxc_device.c: main: 128 Container <guest> is not running
whether the guest is running or not (but not as root where it probably checks.
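
An added example, not part of any post in this thread: a sketch that picks out the hidraw nodes belonging to the YubiKey from sysfs, instead of reading udevadm monitor output by eye, and prints container config lines for them. Passing the nodes in with lxc.mount.entry bind mounts rather than lxc-device is an assumption of this example, and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the hidraw nodes of one USB vendor via sysfs and
# print LXC bind-mount lines for them (assumed approach, see lead-in).
YUBICO_VID=1050   # Yubico's USB vendor ID (hex)

# find_hidraw VENDOR_HEX [SYSFS_DIR] -> one "hidrawN MAJOR:MINOR" per match
find_hidraw() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0*//')
    dir=${2:-/sys/class/hidraw}
    for node in "$dir"/hidraw*; do
        [ -r "$node/device/uevent" ] || continue   # also skips an unmatched glob
        # uevent carries HID_ID=BUS:VENDOR:PRODUCT, each field zero-padded hex
        got=$(sed -n 's/^HID_ID=[^:]*:0*\([0-9A-Fa-f]*\):.*/\1/p' \
              "$node/device/uevent" | tr 'a-f' 'A-F')
        [ "$got" = "$want" ] || continue
        printf '%s %s\n' "${node##*/}" "$(cat "$node/dev")"
    done
}

# lxc_mount_entries: read find_hidraw output, print container config lines
lxc_mount_entries() {
    while read -r name devno; do
        printf '# %s: char device %s\n' "$name" "$devno"
        printf 'lxc.mount.entry = /dev/%s dev/%s none bind,optional,create=file\n' \
            "$name" "$name"
    done
}

# make_sample_tree DIR: constructed sysfs-like tree, one Yubico node, one other
make_sample_tree() {
    mkdir -p "$1/hidraw0/device" "$1/hidraw1/device"
    printf 'HID_ID=0003:0000ABCD:00000001\nHID_NAME=Constructed Mouse\n' \
        > "$1/hidraw0/device/uevent"
    printf '243:0\n' > "$1/hidraw0/dev"
    printf 'HID_ID=0003:00001050:00000407\nHID_NAME=Constructed YubiKey\n' \
        > "$1/hidraw1/device/uevent"
    printf '243:1\n' > "$1/hidraw1/dev"
}

# Demo on the constructed tree; on a real host drop the second argument:
#   find_hidraw "$YUBICO_VID" | lxc_mount_entries
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_hidraw "$YUBICO_VID" "$demo_dir" | lxc_mount_entries
rm -rf "$demo_dir"
```

A bind mount keeps the host node's owner and mode, so in an unprivileged guest the mapped user still needs read/write permission on /dev/hidrawN on the host. The N can change when the key is replugged, so rerun the lookup after replugging.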