9:18 p.m.
On Tue, Feb 07, 2017 at 11:00:54AM -0800, ravi mh wrote:
Thanks Martin for the info.
I have tried the below snippet in the libvirt xml.
<hostdev mode='capabilities' type='storage'>
<source>
<block>/dev/sdc1</block>
</source>
</hostdev>
I meant <filesystem/> not <hostdev/>
------------
root@ir800-lxc:~# mount /dev/sdc1 /mnt/usbdr/
mount: permission denied (are you root?)
I meant you do this in the host.
----------
It works if the usernamespace is not enabled.
This is probably the problem. Your root in the container is essentially
just a regular user in the host, so it can't mount it. If you want to
pass the /dev/sdc into the container and mount it there with the user
namespace turned on, I don't know if there is a way to do this without
FUSE or other userspace utilities.
The reason being, we have enabled the username and hence its unprivileged
container.
As per this patch:
https://www.redhat.com/archives/libvir-list/2012-November/msg01555.html,
the capabilities with USB as storage is available for mounting if its
privileged container.
Is there a way to mount this inside the container with usernamespace
enabled and with some capabilities turned on?
I think you have to have CAP_SYS_ADMIN (for mount(2)) and also be root.
Maybe Daniel will know, since he implemented the possibility for
mode='capabilities' hostdevs for LXCs.
Regards,
*Ravi M H*
On Thu, Feb 2, 2017 at 9:09 PM, Martin Kletzander <mkletzan(a)redhat.com>
wrote:
> On Thu, Feb 02, 2017 at 06:30:24PM -0800, ravi mh wrote:
>
>> Hi all,
>>
>> I am not able to access USB as storage device in the lxc container.
>> Having tried to pass the usb device with the product and vendor id, not
>> able to see the device mounted in the lxc file system.
>>
>>
> It won't be mounted, it will just be passed through as a device,
> i.e. you will see it in the lsusb output. If you need to mount it, then
> it needs to be done either in the container (for which you might need
> some capability) or mounted on the host and just using device
> <filesystem/> instead.
>
> However, they are seen as char devices in the container at the location.
>> There is no issue of ACL, as the capabilities restrictions have been
>> dropped.
>>
>> Has anyone successfully mounted the storage device in the libvirt. Having
>> gone through the libvirt documentation, couldnt find further information
>> of
>> enabling the usb as storage device. Any pointers towards that would be
>> useful.
>>
>>
>> Host OS:
>>
>> IR800-GOS-1:~# lsusb
>> Bus 001 Device 003: ID 8644:800b
>> Bus 001 Device 001: ID 1d6b:0002
>> Bus 002 Device 001: ID 1d6b:0001
>> IR800-GOS-1:~#
>>
>> Lxc app container:
>>
>> root@ir800-lxc:/mnt/usb# ls -la /dev/bus/usb/001/003
>> *crwx-*----- 1 root root 189, 2 Feb 3 01:44
>> /dev/bus/usb/001/003
>>
>>
>>
>> ----------libvirt xml snippet ------------
>>
>> <hostdev mode='subsystem' type='usb'
managed='yes'>
>> <source>
>> <vendor id='0x8644'/>
>> <product id='0x800b'/>
>> </source>
>> </hostdev>
>>
>> -----------------------------
>> while changing the mode from subsystem to capabilities, it issues error
>> for
>> validating against the schema.
>>
>> ---------------while changing the hostdev mode='capabilities'----------
>>
>> virsh # edit n01_1
>> *error: XML document failed to validate against schema: Unable to validate
>> doc against /usr/share/libvirt/schemas/domain.rng*
>> Extra element devices in interleave
>> Element domain failed to validate content
>>
>> Failed. Try again? [y,n,i,f,?]:
>> error: XML document failed to validate against schema: Unable to validate
>> doc against /usr/share/libvirt/schemas/domain.rng
>>
>> --------------------------------------------
>>
>>
>> Regards,
>> *Ravi*
>>
>
> _______________________________________________
>> libvirt-users mailing list
>> libvirt-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/libvirt-users
>>
>