Re: [libvirt-users] LXC + USB passthrough = Operation not permitted
On Fri, Apr 11, 2014 at 05:32:28PM -0700, Filip Maj wrote:
Hi!
First post, kind of a noobie. I've been working with LXC and libvirt for a
few months now. Trying to do some interesting things with containers and
Android devices :D
Here's my entire domain definition:
<domain type='lxc'>
<name>oshi32134</name>
<uuid>xxxxx</uuid>
<memory unit='KiB'>3145728</memory>
<currentMemory unit='KiB'>3145728</currentMemory>
<vcpu placement='static'>1</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='i686'>exe</type>
<init>/sbin/init</init>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/some/valid/filesystem/location'/>
<target dir='/'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/another/valid/filesystem/location'/>
<target dir='/mnt/android'/>
</filesystem>
<interface type='bridge'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source bridge='br1'/>
</interface>
<console type='pty'>
<target type='lxc' port='0'/>
</console>
<hostdev mode='capabilities' type='misc'>
<source>
<char>/dev/kvm</char>
</source>
</hostdev>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x04e8'/>
<product id='0x6860'/>
</source>
</hostdev>
</devices>
</domain>
Your config looks fine here.
Everything worked fine until I added the USB <hostdev> element. I'm
essentially trying to get access to a physical Android device connected to
the host from inside a container. When I go to start the container, I get
an error about Operation not permitted. Here's the relevant bits from
/var/log/libvirt/lxc/machine.log:
2014-04-11 22:46:40.491+0000: starting up
PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
LIBVIRT_DEBUG=3 LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/libvirt_lxc
--name oshi32134 --console 24 --security=none --handshake 27 --background
--veth vnet1
2014-04-11 22:46:40.597+0000: 685: info : libvirt version: 1.2.2
2014-04-11 22:46:40.597+0000: 685: error :
virLXCControllerSetupHostdevSubsysUSB:1390 : Unable to create device
//var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not
permitted
Unable to create device
//var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not
permitted
Do you have AppArmour enabled on the machine. That seems like the
most likely thing that would result in libvirt getting that permission
error.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|