Passing Google Coral USB Edge TPU to an unprivileged container in proxmox

/ March 29, 2024/ Smart Home

Edit: Updated to work when the TPU Id is not yet a “Google” one.

First find out the bus and id of your device with lsusb, for example this is my mini server

Bus 001 Device 002: ID 8087:8000 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:8008 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 002: ID 18d1:9302 Google Inc.
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 005: ID 0a05:7211 Unknown Manufacturer hub
Bus 003 Device 003: ID 0a05:7211 Unknown Manufacturer hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

On my machine, the Coral device is on Bus 004 with the Vendor id 18d1 and the product id 9302. (18d1:9302), also on that bus is the root hub with 1d6b:0003

Important:

I could be that your device has a different vendor and product id the first time you connect it to your machine:

Bus 004 Device 006: ID 1a6e:089a Global Unichip Corp. 

It will change the first time the device is used, so to be 100% sure it works after a reboot. I will share the hole bus and also declare the Global Unichip ids on the configuration

We need to now the major device number to find this run: ls -l /dev/bus/usb/004/

crw-rw-r-- 1 root root 189, 384 Mar 25 16:43 001
crw-rw-r-- 1 root root 189, 385 Mar 25 16:43 002

The major device number is 189 in my case.

Now, we will:

1. Allow the LXC container to use all the 189 USB devices (so the id changes will not affect us).
2. Mount the usb bus 004

To do so, on your /etc/pve/lxc/{id}.conf file add:

lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/004 dev/bus/usb/004 none bind,optional,create=dir

One more important thing is to allow the device to be used by the container. I haven’t found any way to do this more restrictive than allow anyone to use them (Do not do this right away):

chmod 666 /dev/bus/usb/004/001
chmod 666 /dev/bus/usb/004/002

The changed above will not be keep after reboot, the best way is to save an udev rule so this is applied at boot time (Similar to what we did on the Pass Intel IGPU To An Unprivileged LXC Container (Proxmox) tutorial), It also has the plus that we do not care about the exact assignation of the device inside the bus.

nano /etc/udev/rules.d/99-usb-coral-permissions.rules

# Base Hub
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1d6b", ATTR{idProduct}=="0003", MODE="0666"
# Coral device after initialized
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="9302", MODE="0666"
# Coral Device before initialized
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="9302", MODE="0666"

Apply the changes:

udevadm control --reload-rules && udevadm trigger

Note: I had a couple of problems with udevadm so I preffer to do a full reboot.

Sources:

• https://github.com/blakeblackshear/frigate/discussions/1111
• https://github.com/blakeblackshear/frigate/discussions/5773
• https://github.com/google-coral/edgetpu/issues/536
• https://blog.sysadminpanda.co.uk/frigate-proxmox-lxc-coral-11th-gen-hw-accel/
• https://forum.proxmox.com/threads/pass-usb-device-to-lxc.124205/