[Nut-upsuser] Running NUT within an unprivileged LXD container?
Linus Lüssing
linus.luessing at c0d3.blue
Mon Jul 18 01:29:18 BST 2022
Hi,
I'm trying to set up NUT within an unprivileged LXD container.
So within the container there is its own user namespace with
a root user with UID 0, which does not actually have overall
system root rights.
Both the host and the container run Debian Bullseye.
NUT is version 2.7.4-13.
The UPS I'm using is an APC Back-UPS Pro 900 and it's connected via
USB to the host. The USB device is passed through to the
container.
This is what I see from within the container:
```
root@nut:~# lsusb | grep "Power"
Bus 001 Device 004: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
root@nut:~# lsusb -D /dev/bus/usb/001/004
Device: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
[...]
root@nut:~# nut-scanner -U
SNMP library not found. SNMP search disabled.
Neon library not found. XML search disabled.
IPMI library not found. IPMI search disabled.
Scanning USB bus.
[nutdev1]
driver = "usbhid-ups"
port = "auto"
vendorid = "051D"
productid = "0002"
product = "Back-UPS RS 900G FW:879.L4 .I USB FW:L4"
serial = "xxxxx"
vendor = "American Power Conversion"
bus = "001"
```
Configuration looks as follows:
```
root@nut:~# cat /etc/nut/ups.conf
[apc-back-ups-rs-900g]
driver = "usbhid-ups"
port = "auto"
vendorid = "051D"
productid = "0002"
desc = "APC Back-UPS RS 900G FW:879.L4 .I USB FW:L4"
root@nut:~# cat /etc/nut/nut.conf
MODE=netserver
root@nut:~# cat /etc/nut/upsd.conf
LISTEN 127.0.0.1 3493
LISTEN ::1 3493
root@nut:~#
```
However trying to start the driver so far fails:
```
root@nut:~# upsdrvctl start
Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
device->Product is NULL so it is not possible to determine whether to activate max_report_size workaround
Can't claim USB device [051d:0002]: could not detach kernel driver from interface 0: Operation not permitted
Driver failed to start (exit status=1)
root@nut:~#
```
Both on the host and in the container I see
/sys/class/usbmisc/hiddev0/. /dev/hidraw0 is only visible on the
host.
Is there a specific kernel module I would need to load on the host
first for usbhid-ups in NUT? And is this kernel module capable of
being used in an unprivileged container?
Regards, Linus