[GLLUG] USB device permission mechanisms - have they changed?

John Winters john at sinodun.org.uk
Sat Aug 30 12:06:48 UTC 2014

I thought I'd be really constructive this morning.  I installed a new
domestic server about six months ago, and then recently I put in a new
router (Mikrotik - lovely gadget), and all in all there was a bit of a
rat's nest on the shelf where they live.

I'd ordered some really short Cat6 patch leads, so I shut everything
down, removed all the unnecessary crap, laid out neat cable runs using
leads as short as possible, and coiling them up where they were too long
and couldn't be changed.  By the end I had an installation to be proud
of, with FTTC modem and router fixed to the wall, neat cable runs and
the server and UPS sitting in splendid isolation on the shelf, but...

When I booted things back up, I found that the VMs on my server could no
longer access forwarded USB devices.  I'm using KVM for my VMs, and USB
forwarding was previously working fine.  Of course this probably has
nothing to do with my tidying up operations.

A bit of investigation reveals that the VM processes (libvirt et al)
which run as their own user id, can no longer access the USB device
files.  I get messages like:

libusb: error [_get_usbfs_fd] libusb couldn't open USB device
/dev/bus/usb/002/005: Permission denied
libusb: error [_get_usbfs_fd] libusb requires write access to USB device

and checking said device node (on the host) I find:

john at black:/var/log/libvirt/qemu$ ls -l /dev/bus/usb/002
total 0
crw-rw-r-- 1 root root 189, 128 Aug 30 10:49 001
crw-rw-r-- 1 root root 189, 129 Aug 30 10:49 002
crw-rw-r-- 1 root root 189, 131 Aug 30 10:49 004
crw-rw-r-- 1 root root 189, 132 Aug 30 10:49 005

so the error message isn't really a surprise.  What I don't understand
is why it worked before and now has suddenly stopped.

Presumably the correct solution is to change the ownership of the USB
device to put it in a group, and then make libvirt-qemu a member of that

Is anyone aware of any recent changes to either udev or libvirt which
might have caused this?  The host server is running Debian Jessie, and
hasn't been re-booted for about a month.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20140830/55bffc81/attachment.pgp>

More information about the GLLUG mailing list