On Tue, Feb 07, 2017 at 11:00:54AM -0800, ravi mh wrote:
Thanks Martin for the info. I have tried the below snippet in the libvirt xml. <hostdev mode='capabilities' type='storage'> <source> <block>/dev/sdc1</block> </source> </hostdev>
I meant <filesystem/> not <hostdev/>
------------ root@ir800-lxc:~# mount /dev/sdc1 /mnt/usbdr/ mount: permission denied (are you root?)
I meant you do this in the host.
---------- It works if the usernamespace is not enabled.
This is probably the problem. Your root in the container is essentially just a regular user in the host, so it can't mount it. If you want to pass the /dev/sdc into the container and mount it there with the user namespace turned on, I don't know if there is a way to do this without FUSE or other userspace utilities.
The reason being, we have enabled the username and hence its unprivileged container. As per this patch: https://www.redhat.com/archives/libvir-list/2012-November/msg01555.html, the capabilities with USB as storage is available for mounting if its privileged container. Is there a way to mount this inside the container with usernamespace enabled and with some capabilities turned on?
I think you have to have CAP_SYS_ADMIN (for mount(2)) and also be root. Maybe Daniel will know, since he implemented the possibility for mode='capabilities' hostdevs for LXCs.
Regards, *Ravi M H* On Thu, Feb 2, 2017 at 9:09 PM, Martin Kletzander <mkletzan@xxxxxxxxxx> wrote:On Thu, Feb 02, 2017 at 06:30:24PM -0800, ravi mh wrote:Hi all, I am not able to access USB as storage device in the lxc container. Having tried to pass the usb device with the product and vendor id, not able to see the device mounted in the lxc file system.It won't be mounted, it will just be passed through as a device, i.e. you will see it in the lsusb output. If you need to mount it, then it needs to be done either in the container (for which you might need some capability) or mounted on the host and just using device <filesystem/> instead. However, they are seen as char devices in the container at the location.There is no issue of ACL, as the capabilities restrictions have been dropped. Has anyone successfully mounted the storage device in the libvirt. Having gone through the libvirt documentation, couldnt find further information of enabling the usb as storage device. Any pointers towards that would be useful. Host OS: IR800-GOS-1:~# lsusb Bus 001 Device 003: ID 8644:800b Bus 001 Device 001: ID 1d6b:0002 Bus 002 Device 001: ID 1d6b:0001 IR800-GOS-1:~# Lxc app container: root@ir800-lxc:/mnt/usb# ls -la /dev/bus/usb/001/003 *crwx-*----- 1 root root 189, 2 Feb 3 01:44 /dev/bus/usb/001/003 ----------libvirt xml snippet ------------ <hostdev mode='subsystem' type='usb' managed='yes'> <source> <vendor id='0x8644'/> <product id='0x800b'/> </source> </hostdev> ----------------------------- while changing the mode from subsystem to capabilities, it issues error for validating against the schema. ---------------while changing the hostdev mode='capabilities'---------- virsh # edit n01_1 *error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng* Extra element devices in interleave Element domain failed to validate content Failed. Try again? [y,n,i,f,?]: error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng -------------------------------------------- Regards, *Ravi*_______________________________________________libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users