dockur / windows

Windows inside a Docker container.
MIT License

Can only use USB passthru with privileged container #584

Open nodecaf opened 3 months ago

nodecaf commented 3 months ago

Operating system

Fedora 40

Description

When I tried to get either a USB serial device or a USB storage drive to be accessible from the Win10 container, I could only do so using privileged container mode.

Btw, other than that I have to say I'm very impressed with the project! Well done!

Docker compose

services:
  windows:
    volumes:
      - /win:/storage
      - "/media/shared:/shared"
    image: dockurr/windows
    container_name: windows
    environment:
       VERSION: "win10"
       ARGUMENTS: "-usb -device usb-host,vendorid=0x1a86,productid=0x7523"
    devices:
      - /dev/kvm
      - /dev/net/tun
      - /dev/bus/usb
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
    stop_grace_period: 2m
    privileged: true
    userns_mode: 'host'

Docker log

❯ Starting Windows for Docker v3.11... 20:08:47 [0/446]
❯ For support visit https://github.com/dockur/windows
❯ CPU: Intel Core TM i7 5600U CPU | RAM: 8/16 GB | DISK: 106 GB (btrfs) | HOST: 6.8.10-300.fc40.x86_64...

❯ Booting Windows...
BdsDxe: loading Boot0004 "Windows Boot Manager" from HD(1,GPT,05A4D071-897C-4FCC-BC78-133FB60B3DE5,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi
BdsDxe: starting Boot0004 "Windows Boot Manager" from HD(1,GPT,05A4D071-897C-4FCC-BC78-133FB60B3DE5,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi
❯ Windows started succesfully, visit http://localhost:8006/ to view the screen...
qemu-system-x86_64: libusb_release_interface: -4 [NO_DEVICE]
❯ Received SIGTERM, sending ACPI shutdown signal...
❯ Waiting for Windows to shutdown... (1/110)
❯ Waiting for Windows to shutdown... (2/110)
❯ Shutdown completed!

Screenshots (optional)

No response

kroese commented 3 months ago

Normally passing the /dev/bus/usb device is enough, so you don't need any privileges. Setting privileged: true allows the container access to every /dev device without needing to pass it manually. So it looks like in your case it needs an extra device, and if we know which one, we can pass it so that you don't need privileged.

So what error do you get when you remove the privilege-flag?

nodecaf commented 3 months ago

Hi Kroese. I don't see any "errors" as such, but I don't see the devices appear. If I run unprivileged, I can see the two USB items, [image]

but if I add the -usb as extra args, I seem to be able to see all USB "endpoints" [image]

As mentioned, I managed to achieve what I was hoping for, and am very impressed, but found this bit different from the instructions and I am curious to understand why. If there are any specific logs that I can provide that would be of help, please let me know!

kroese commented 3 months ago

In your log it shows this line:

libusb_release_interface: -4 [NO_DEVICE]

so it seems it cannot find the device by the PID/VID you specified, but if you run privileged, it's passing every device (without filtering them on PID/VID).

So that explains why you need privileged mode, but I am still not sure why this vendorid=0x1a86,productid=0x7523 is wrong.

Maybe your intended device is behind some USB hub, and you need to also add the PID/VID of the hub, for example (just guessing). Or you made a typo in the values. I'm sure it must be something small. But this NO_DEVICE is clear that it cannot find the device with the values you used.
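
A host-side check for the two possibilities raised in the last comment (wrong VID/PID, or a device sitting behind a hub), added here as an example and not part of the thread or of the dockur project. The function name usb_node and its optional third argument are assumptions made for this example; it reads the standard Linux sysfs USB attributes (idVendor, idProduct, busnum, devnum).

```sh
#!/bin/sh
# usb_node VID PID [SYSFS_ROOT]   (hypothetical helper, added example)
# Prints one line per matching device:
#   <sysfs name> <device node under /dev/bus/usb> <parent hub>
# Returns 1 when no device on the host carries that VID/PID.
usb_node() {
    # Accept 0x1a86 or 1a86; sysfs stores lowercase hex without a prefix.
    want_vid=$(printf '%s' "$1" | sed 's/^0[xX]//' | tr 'A-F' 'a-f')
    want_pid=$(printf '%s' "$2" | sed 's/^0[xX]//' | tr 'A-F' 'a-f')
    root=${3:-/sys/bus/usb/devices}
    found=1
    for dev in "$root"/*; do
        # Interface entries (e.g. 1-1:1.0) have no idVendor file; skip them.
        [ -r "$dev/idVendor" ] && [ -r "$dev/idProduct" ] || continue
        [ "$(cat "$dev/idVendor")" = "$want_vid" ] || continue
        [ "$(cat "$dev/idProduct")" = "$want_pid" ] || continue
        name=${dev##*/}
        bus=$(cat "$dev/busnum")
        num=$(cat "$dev/devnum")
        # A dotted name (1-1.2) sits behind the hub 1-1;
        # an undotted one (1-1) hangs directly off root hub usb1.
        case $name in
            *.*) parent=${name%.*} ;;
            *)   parent="usb${name%%-*}" ;;
        esac
        # Device nodes are zero-padded decimals: /dev/bus/usb/BBB/DDD
        printf '%s /dev/bus/usb/%03d/%03d %s\n' "$name" "$bus" "$num" "$parent"
        found=0
    done
    return $found
}
```

Calling usb_node 0x1a86 0x7523 on the host shows whether the values in ARGUMENTS match a real device and which single node under /dev/bus/usb it maps to, which is the narrowest thing that could be listed under devices: instead of privileged: true. The device number changes when the device is replugged, so a single-node mapping has to be refreshed after that.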