Silverblue toolbox /dev/ttyUSB0 has permission 'nobody:nobody'

keepitsimplejim · May 9, 2022, 2:28pm

When trying to access ‘/dev/ttyUSB0’ in the toolbox container using silverblue F36 (system release at bottom) the device fails with the following error

Cannot create lockfile for /dev/ttyUSB0: Permission denied

I’ve check the permissions for the device and it’s assigned to ‘nobody:nobody’ and hence won’t allow me to access.
Looked around I found a guide to use ‘udev rules’ to give me permission for the device, Accessing USB serial devices in Fedora Silverblue – Just another Linux geek and I get the following error.

Unfortunately I fail at the following point.

sudo udevadm control --reload-rules
Failed to send reload request: No such file or directory

I’ve restarted both the container and my system and the udev rule hasn’t been applied so I’m not sure how to access the ttyUSB device.

Does anyone know how to access the tty device in a Silverblue toolbox container as I would like to be able to use software from inside toolbox to access the USB device.

Regards
Jim

● fedora:fedora/36/x86_64/silverblue
                   Version: 36.20220508.0 (2022-05-08T00:42:01Z)
                BaseCommit: dd4ac38b4030e0192777eef2c243f1b2a777f6d6526fd52b84f0a2ec2984b6bb
              GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4
           LayeredPackages: ddcutil ffmpeg-libs mozilla-openh264 openssl tmux wireshark zsh
             LocalPackages: rpmfusion-free-release-36-0.2.noarch rpmfusion-nonfree-release-36-0.2.noarch

keepitsimplejim · May 10, 2022, 7:34am

To answer my own question it looks like there’s a limitation in the way that toolbox mounts the ‘/dev’ directory limits the permissions to access certain devices.

github.com/containers/toolbox

Let toolbox access dialout group, to be able to use usb devices at /dev/tty*

opened 02:31PM - 09 May 20 UTC

Vanadiae

3. Enhancement

Now that all the /dev tree is bind-mounted in the toolbox, thanks to #97, all th…e devices are visible in the toolbox. The fact is that most of them have the nobody:nobody owner, which for most of the devices is kind of normal and acceptable since they give important/critical hardware devices access. Still, some devices might be used by developers such as dev boards or arduino-like devices. These device usually requires devices access at /dev/ttyUSB* or /dev/ttyACM* (i.e. arduino) which are covered by the dialout group on the host. To temporarly (an udev rule can make it permanent but this isn't scalable nor convenient or plug-an-play) access the /dev/ttyACM0 device **inside the toolbox**, these are the instructions (taken from the [silverblue forum](https://discussion.fedoraproject.org/t/cannot-access-dev-ttyacm0-from-toolbox-container/13305/3): - open a host terminal - enter the toolbox with `toolbox enter` - edit `/etc/group` (you must use sudo here) and append your username at the end of the dialout line - exit toolbox with `exit` to come back to the host terminal - plug in your device - run `sudo setfacl -m g:100018:rw /dev/ttyACM0` on the host. This sets up an ACL in the toolbox (the root of the toolbox's GID is 100000 and the dialout GID is 18 on the host) to let the toolbox access the device - then enter toolbox an other time - now if you run `cat /dev/ttyACM0` or send some data to the device, you won't get any permission error This is fairly inconvenient and not scalable at all (even if you setup an udev rule). ------------------------------------------------------------------------------------------------------------------------------- So it would be really great if toolbox could make available the dialout group so that people don't have to fiddle like this to use their programming devices.

Given this I’m going to have to go back to Fedora Workstation for the time being.

Jim

1player · June 6, 2022, 2:41pm

In case you’re still on Silverblue and haven’t moved to Workstation yet, have you tried distrobox?

It’s like toolbox but with more features, I quite prefer it. I just found out it’s got a rootful mode, for creating toolboxes with full root privileges (though you’d still enter as your user) which retains privileges if you need to access /dev files.

Example:

$ distrobox create --root toolbox
$ distrobox enter --root toolbox
# inside the toolbox...
toolbox:$ % ll /dev/ttyACM0
crw-rw----. 1 root dialout 166, 0 Jun  5 09:19 /dev/ttyACM0

Let me know if this helps. I’m still on Workstation and want to make the move to Silverblue, and access to /dev files inside a toolbox is important to me as well.

davetucker · July 18, 2022, 2:14pm

For what it’s worth, I also hit this issue but using udev rules worked for me.

In my case, my M5Core was showing as /dev/ttyACM0 and so I just went for a very simple rule:

KERNEL=="ttyACM0", OWNER="dave"

I was able to use esptool.py inside the my esp32 toolbox sucessfully.