libvirt users - Feb 2017 - Re: accessing USB as storage device through lxc container.

Hi all,

I am not able to access USB as storage device in the lxc container.
Having tried to pass the usb device with the product and vendor id, not
able to see the device mounted in the lxc file system.

However, they are seen as char devices in the container at the location.
There is no issue of ACL, as the capabilities restrictions have been
dropped.

Has anyone successfully mounted the storage device in the libvirt.  Having
gone through the libvirt documentation, couldnt find further information of
enabling the usb as storage device.  Any pointers towards that would be
useful.


Host OS:

IR800-GOS-1:~# lsusb
Bus 001 Device 003: ID 8644:800b
Bus 001 Device 001: ID 1d6b:0002
Bus 002 Device 001: ID 1d6b:0001
IR800-GOS-1:~#

Lxc app container:

root@ir800-lxc:/mnt/usb# ls -la  /dev/bus/usb/001/003
*crwx-*-----    1 root     root      189,   2 Feb  3 01:44
/dev/bus/usb/001/003



----------libvirt xml snippet ------------

    <hostdev mode='subsystem' type='usb'
managed='yes'>
      <source>
        <vendor id='0x8644'/>
        <product id='0x800b'/>
      </source>
    </hostdev>

-----------------------------
while changing the mode from subsystem to capabilities, it issues error for
validating against the schema.

---------------while changing the hostdev mode='capabilities'----------

virsh # edit n01_1
*error: XML document failed to validate against schema: Unable to validate
doc against /usr/share/libvirt/schemas/domain.rng*
Extra element devices in interleave
Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]:
error: XML document failed to validate against schema: Unable to validate
doc against /usr/share/libvirt/schemas/domain.rng

--------------------------------------------


Regards,
*Ravi*

On Thu, Feb 02, 2017 at 06:30:24PM -0800, ravi mh wrote:
>Hi all,
>
>I am not able to access USB as storage device in the lxc container.
>Having tried to pass the usb device with the product and vendor id, not
>able to see the device mounted in the lxc file system.
>
It won't be mounted, it will just be passed through as a device,
i.e. you will see it in the lsusb output.  If you need to mount it, then
it needs to be done either in the container (for which you might need
some capability) or mounted on the host and just using device
<filesystem/> instead.
>However, they are seen as char devices in the container at the location.
>There is no issue of ACL, as the capabilities restrictions have been
>dropped.
>
>Has anyone successfully mounted the storage device in the libvirt.  Having
>gone through the libvirt documentation, couldnt find further information of
>enabling the usb as storage device.  Any pointers towards that would be
>useful.
>
>
>Host OS:
>
>IR800-GOS-1:~# lsusb
>Bus 001 Device 003: ID 8644:800b
>Bus 001 Device 001: ID 1d6b:0002
>Bus 002 Device 001: ID 1d6b:0001
>IR800-GOS-1:~#
>
>Lxc app container:
>
>root@ir800-lxc:/mnt/usb# ls -la  /dev/bus/usb/001/003
>*crwx-*-----    1 root     root      189,   2 Feb  3 01:44
>/dev/bus/usb/001/003
>
>
>
>----------libvirt xml snippet ------------
>
>    <hostdev mode='subsystem' type='usb'
managed='yes'>
>      <source>
>        <vendor id='0x8644'/>
>        <product id='0x800b'/>
>      </source>
>    </hostdev>
>
>-----------------------------
>while changing the mode from subsystem to capabilities, it issues error for
>validating against the schema.
>
>---------------while changing the hostdev
mode='capabilities'----------
>
>virsh # edit n01_1
>*error: XML document failed to validate against schema: Unable to validate
>doc against /usr/share/libvirt/schemas/domain.rng*
>Extra element devices in interleave
>Element domain failed to validate content
>
>Failed. Try again? [y,n,i,f,?]:
>error: XML document failed to validate against schema: Unable to validate
>doc against /usr/share/libvirt/schemas/domain.rng
>
>--------------------------------------------
>
>
>Regards,
>*Ravi*
>_______________________________________________
>libvirt-users mailing list
>libvirt-users@redhat.com
>https://www.redhat.com/mailman/listinfo/libvirt-users

Thanks Martin for the info.



I have tried the below snippet in the libvirt xml.

 <hostdev mode='capabilities' type='storage'>
      <source>
        <block>/dev/sdc1</block>
      </source>
    </hostdev>

------------

root@ir800-lxc:~# mount /dev/sdc1 /mnt/usbdr/

mount: permission denied (are you root?)

----------

It works if the usernamespace is not enabled.



The reason being, we have enabled the username and hence its unprivileged
container.

As per this patch:
https://www.redhat.com/archives/libvir-list/2012-November/msg01555.html,
the capabilities with USB as storage is available for mounting if its
privileged container.

Is there a way to mount this inside the container with usernamespace
enabled and with some capabilities turned on?



Regards,
*Ravi M H*



On Thu, Feb 2, 2017 at 9:09 PM, Martin Kletzander <mkletzan@redhat.com>
wrote:
> On Thu, Feb 02, 2017 at 06:30:24PM -0800, ravi mh wrote:
>
>> Hi all,
>>
>> I am not able to access USB as storage device in the lxc container.
>> Having tried to pass the usb device with the product and vendor id, not
>> able to see the device mounted in the lxc file system.
>>
>>
> It won't be mounted, it will just be passed through as a device,
> i.e. you will see it in the lsusb output.  If you need to mount it, then
> it needs to be done either in the container (for which you might need
> some capability) or mounted on the host and just using device
> <filesystem/> instead.
>
> However, they are seen as char devices in the container at the location.
>> There is no issue of ACL, as the capabilities restrictions have been
>> dropped.
>>
>> Has anyone successfully mounted the storage device in the libvirt. 
Having
>> gone through the libvirt documentation, couldnt find further
information
>> of
>> enabling the usb as storage device.  Any pointers towards that would be
>> useful.
>>
>>
>> Host OS:
>>
>> IR800-GOS-1:~# lsusb
>> Bus 001 Device 003: ID 8644:800b
>> Bus 001 Device 001: ID 1d6b:0002
>> Bus 002 Device 001: ID 1d6b:0001
>> IR800-GOS-1:~#
>>
>> Lxc app container:
>>
>> root@ir800-lxc:/mnt/usb# ls -la  /dev/bus/usb/001/003
>> *crwx-*-----    1 root     root      189,   2 Feb  3 01:44
>> /dev/bus/usb/001/003
>>
>>
>>
>> ----------libvirt xml snippet ------------
>>
>>    <hostdev mode='subsystem' type='usb'
managed='yes'>
>>      <source>
>>        <vendor id='0x8644'/>
>>        <product id='0x800b'/>
>>      </source>
>>    </hostdev>
>>
>> -----------------------------
>> while changing the mode from subsystem to capabilities, it issues error
>> for
>> validating against the schema.
>>
>> ---------------while changing the hostdev
mode='capabilities'----------
>>
>> virsh # edit n01_1
>> *error: XML document failed to validate against schema: Unable to
validate
>> doc against /usr/share/libvirt/schemas/domain.rng*
>> Extra element devices in interleave
>> Element domain failed to validate content
>>
>> Failed. Try again? [y,n,i,f,?]:
>> error: XML document failed to validate against schema: Unable to
validate
>> doc against /usr/share/libvirt/schemas/domain.rng
>>
>> --------------------------------------------
>>
>>
>> Regards,
>> *Ravi*
>>
>
> _______________________________________________
>> libvirt-users mailing list
>> libvirt-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/libvirt-users
>>
>