[Nut-upsuser] Running NUT within an unprivileged LXD container?

Linus Lüssing linus.luessing at c0d3.blue
Mon Jul 18 01:29:18 BST 2022 

Hi,

I'm trying to set up NUT within an unprivileged LXD container.
So within the container there is its own user namespace with
a root user with UID 0, which does not actually have overall
system root rights.

Both the host and the container run Debian Bullseye.
NUT is version 2.7.4-13.

The UPS I'm using is an APC Back-UPS Pro 900 and its connected via
USB to the host. The USB device is passed through to the
container.

This is what I see from within the container:

```
root at nut:~# lsusb | grep "Power"
Bus 001 Device 004: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
root at nut:~# lsusb -D /dev/bus/usb/001/004
Device: ID 051d:0002 American Power Conversion Uninterruptible
Power Supply
[...]
root at nut:~# nut-scanner -U
SNMP library not found. SNMP search disabled.
Neon library not found. XML search disabled.
IPMI library not found. IPMI search disabled.
Scanning USB bus.
[nutdev1]
        driver = "usbhid-ups"
        port = "auto"
        vendorid = "051D"
        productid = "0002"
        product = "Back-UPS RS 900G FW:879.L4 .I USB FW:L4"
        serial = "xxxxx"
        vendor = "American Power Conversion"
        bus = "001"
```

Configuration looks as follows:

```
root at nut:~# cat /etc/nut/ups.conf
[apc-back-ups-rs-900g]
        driver = "usbhid-ups"
        port = "auto"
        vendorid = "051D"
        productid = "0002"
        desc = "APC Back-UPS RS 900G FW:879.L4 .I USB FW:L4"
root at nut:~# cat /etc/nut/nut.conf
MODE=netserver
root at nut:~# cat /etc/nut/upsd.conf
LISTEN 127.0.0.1 3493
LISTEN ::1 3493
root at nut:~# 
```

However trying to start the driver so far fails:

```
root at nut:~# upsdrvctl start
Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
device->Product is NULL so it is not possible to determine whether to activate max_report_size workaround
Can't claim USB device [051d:0002]: could not detach kernel driver from interface 0: Operation not permitted
Driver failed to start (exit status=1)
root at nut:~#
```

Both on the host and in the container I see
/sys/class/usbmisc/hiddev0/. /dev/hidraw0 is only visible on the
host.

Is there a specific kernel module I would need to load on the host
first for usbhid-ups in NUT? And is this kernel module capable of
being used in an unprivileged container?

Regards, Linus

More information about the Nut-upsuser mailing list