Let toolbox access dialout group, to be able to use usb devices at /dev/tty*

[Vanadiae]

Now that all the /dev tree is bind-mounted in the toolbox, thanks to #97, all the devices are visible in the toolbox.

The fact is that most of them have the nobody:nobody owner, which for most of the devices is kind of normal and acceptable since they give important/critical hardware devices access. Still, some devices might be used by developers such as dev boards or arduino-like devices.

These device usually requires devices access at /dev/ttyUSB* or /dev/ttyACM* (i.e. arduino) which are covered by the dialout group on the host.

To temporarly (an udev rule can make it permanent but this isn't scalable nor convenient or plug-an-play) access the /dev/ttyACM0 device inside the toolbox, these are the instructions (taken from the silverblue forum:

• open a host terminal
• enter the toolbox with toolbox enter
• edit /etc/group (you must use sudo here) and append your username at the end of the dialout line
• exit toolbox with exit to come back to the host terminal
• plug in your device
• run sudo setfacl -m g:100018:rw /dev/ttyACM0 on the host. This sets up an ACL in the toolbox (the root of the toolbox's GID is 100000 and the dialout GID is 18 on the host) to let the toolbox access the device
• then enter toolbox an other time
• now if you run cat /dev/ttyACM0 or send some data to the device, you won't get any permission error

This is fairly inconvenient and not scalable at all (even if you setup an udev rule).

---

So it would be really great if toolbox could make available the dialout group so that people don't have to fiddle like this to use their programming devices.

[barnscott]

Yes, I second this. An integrated method for Toolboxs to write to USBs and external devices would be appreciated.

[debarshiray]

This is somewhat similar to #430

[marcinx64]

Any news on this? I still need to use workaround to access external devices.

[jeffteixeira]

Any news on this? I still need to use workaround to access external devices.

Which solution do you use?

[GentleHumour]

Preservation of groups from the host to the toolbox extends to other scenarios as well.

I have a directory on the host served by TFTP and writable by tftp group members. But I can't write to that directory from the toolbox.

Toolbox seems to be lacking any customisation levers. What I really want is just a configuration file where I can say "these paths on the host are mounted to these paths in the toolbox, and these are the permissions and group mappings".

In #1297, it is suggested to pass --group-add keep-groups to podman, but I have looked and if there is an option to do that, it's not in the documentation under doc/.

Instead, what I see is hard coded paths. It was easier to customise when Toolbox was just a shell script.

Where is the customisability? Where is the portability?

[debarshiray]

Duplicate of #1348