On Mon, Jul 18, 2022 at 02:29:18AM +0200, Linus Lüssing wrote: > Hi, > > I'm trying to set up NUT within an unprivileged LXD container. > So within the container there is its own user namespace with > a root user with UID 0, which does not actually have overall > system root rights. > > Both the host and the container run Debian Bullseye. > NUT is version 2.7.4-13. > [...]
Found my issue: I wasn't aware that when /lib/nut/usbhid-ups is started as root that it drops its user privileges from root to the "nut" user: ``` root@nut:~# ps -Af | grep usb nut 91 1 0 22:10 ? 00:00:02 /lib/nut/usbhid-ups -a apc-back-ups-rs-900g ``` So I needed to add the "uid" and "gid" attributes here: ``` $ lxc start nut [ nut needs to be installed in the container before, so that the user+group "nut" are available ] $ lxc config device add nut apcusbhid usb vendorid=051d productid=0002 uid="$(lxc exec nut -- /bin/id -u nut)" gid="$(lxc exec nut -- /bin/id -g nut)" $ lxc exec nut -- /usr/bin/systemctl enable nut-server $ lxc restart nut ``` upsc now returns just fine, with valid values: ``` $ lxc exec nut -- /usr/bin/upsc apc-back-ups-rs-900g@localhost battery.charge Init SSL without certificate database 100 ``` Some more background information from my debugging, especially the output from strace, can be found here in the forum post: https://discuss.linuxcontainers.org/t/issue-usb-passthrough-using-network-ups-tools-nut-within-a-container-for-an-apc-ups/14641/1 Regards, Linus _______________________________________________ Nut-upsuser mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
