====== Device access ======

Search tags:
  * GPU forwarding
  * serial port forwarding

===== serial port =====

==== privileged LXCs ====

Only need to bind mount device node.

Example PCT config:
<file conf 100.conf>
lxc.cgroup.devices.allow = c 188:0 rwm
lxc.mount.entry: /dev/ttyUSB0       dev/ttyUSB0       none bind,optional,create=file
</file>
Device major 188 is for ''ttyUSBx devices''

==== unprivileged LXCs ====

Unprivileged LXCs has UIDs and GIDs mapped to defines subid and subgids ranges.

To get access to ''ttyUSB0'' as ''dialout'' group (GID=20) host needs to give permissions to access ''ttyUSB0'' for GID=100020.

Simple but dirty method is to <code bash>chown 100000:100020 /dev/ttyUSB0</code> (TODO: consider using ''setfacl'')

Another method mentioned in [[https://gist.github.com/crundberg/a77b22de856e92a7e14c81f40e7a74bd|Setup deCONZ on unprivileged Proxmox container]]
is to do not touch ''/dev/ttyUSB0'' but create another device node with the same device major:minor. Then change owner of new device node and use it to bind mount into container.

==== References ====

  * [[https://forum.proxmox.com/threads/usb-passthrough-to-a-container-lxc.101741/|USB passthrough to a container LXC]]
  * [[https://www.reddit.com/r/Proxmox/comments/saxqm2/passing_igpu_through_to_unprivileged_lxc_help/|Passing iGPU through to unprivileged LXC [HELP]]]
  * [[https://forum.proxmox.com/threads/passing-usb-device-on-lxc-not-working-after-upgrade-to-7-0.92178/|Passing USB device on LXC not working after upgrade to 7.0]]
  * Zigbee2MQTT automated LXC setup scripts (privileged containers):
    * [[https://raw.githubusercontent.com/tteck/Proxmox/main/misc/build.func|build.func]]


====== DRI forward ======


Host system (Proxmox):

<code bash>
$ls -ln /dev/dri

crw-rw---- 1 0  44 226,   0 03-26 11:53 card0
crw-rw---- 1 0 103 226, 128 03-26 11:53 renderD128
</code>

In unprivileged PCT GIDs and UIDs are shifted +100000, so if guest wants to access device with GID=44, from host point of view it is accessing it as GID=100044. 
So now is needed to do shift GID 44 and GID 103. 
Idea is to define ranges of GID mappings to map all other GID to be shifted by +100000:

^ Container GID         ^ Host GID          ^  count  ^
| 0..43                 | 100000..100043    | 44      | 
| 44                    | 44                | 1       |
| 45..102               | 100045..100102    | 58      |
| 103                   | 103               | 1       |
| 104..65535            | 100104..165535    | 65431   |


Here is a tool [[https://github.com/ddimick/proxmox-lxc-idmapper|Proxmox unprivileged container/host uid/gid mapping syntax tool]]


Allow LXC (running as root) to map GID 44 and 103 to new ones:

<file /etc/subgid>
root:100000:65536
root:44:1
root:103:1
</file>


PCT config file:
<file ini /etc/pve/lxc/303.conf>
lxc.cgroup2.devices.allow: a
lxc.cap.drop:
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 58
lxc.idmap: g 103 103 1
lxc.idmap: g 104 100104 65431
</file>

Guest system:

<code bash>
usermod -aG 44 user
usermod -aG 103 user
apt install drm-info
drm_info
</code>

====== TODO - check ======

  * [[https://forum.proxmox.com/threads/terramaster-f2-423-proxmox-n5095-igpu-passthrough-issue.123144/#post-536224]]
  * [[https://forum.proxmox.com/threads/plex-hw-transcoding-lxc-and-jasper-lake-igpu-passthru.116163/#post-556945]]