Differences

This shows you the differences between two versions of the page.

vm:proxmox:lxc:devices_access [2023/06/20 18:25] niziakvm:proxmox:lxc:devices_access [2023/06/20 21:06] niziak
Line 5: Line 5:
   * serial port forwarding   * serial port forwarding
  
-===== privileged LXCs =====+===== serial port ===== 
 + 
 +==== privileged LXCs ====
  
 Only need to bind mount device node. Only need to bind mount device node.
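Review bot: The new `===== serial port =====` heading has five `=`, while the `====== DRI forward ======` and `====== TODO - check ======` headings added further down in this revision have six, which in DokuWiki is one level higher, so the serial port and DRI topics do not end up as sibling sections. Use the same heading level for "serial port" and "DRI forward", and keep the subsections one level below both.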
Line 16: Line 18:
 Device major 188 is for ''ttyUSBx devices'' Device major 188 is for ''ttyUSBx devices''
  
-===== unprivileged LXCs =====+==== unprivileged LXCs ====
  
 Unprivileged LXCs has UIDs and GIDs mapped to defines subid and subgids ranges. Unprivileged LXCs has UIDs and GIDs mapped to defines subid and subgids ranges.
Line 27: Line 29:
 is to do not touch ''/dev/ttyUSB0'' but create another device node with the same device major:minor. Then change owner of new device node and use it to bind mount into container. is to do not touch ''/dev/ttyUSB0'' but create another device node with the same device major:minor. Then change owner of new device node and use it to bind mount into container.
  
- +==== References ====
-===== References =====+
  
   * [[https://forum.proxmox.com/threads/usb-passthrough-to-a-container-lxc.101741/|USB passthrough to a container LXC]]   * [[https://forum.proxmox.com/threads/usb-passthrough-to-a-container-lxc.101741/|USB passthrough to a container LXC]]
Line 35: Line 36:
   * Zigbee2MQTT automated LXC setup scripts (privileged containers):   * Zigbee2MQTT automated LXC setup scripts (privileged containers):
     * [[https://raw.githubusercontent.com/tteck/Proxmox/main/misc/build.func|build.func]]     * [[https://raw.githubusercontent.com/tteck/Proxmox/main/misc/build.func|build.func]]
 +
 +
 +====== DRI forward ======
 +
 +
 +Host system (Proxmox):
 +
 +<code bash>
 +$ls -ln /dev/dri
 +
 +crw-rw---- 1 0  44 226,   0 03-26 11:53 card0
 +crw-rw---- 1 0 103 226, 128 03-26 11:53 renderD128
 +</code>
 +
 +In unprivileged PCT GIDs and UIDs are shifted +100000, so if guest wants to access device with GID=44, from host point of view it is accessing it as GID=100044. 
 +So now is needed to do shift GID 44 and GID 103. 
 +Idea is to define ranges of GID mappings to map all other GID to be shifted by +100000:
 +
 +^ Container GID         ^ Host GID          ^  count  ^
 +| 0..43                 | 100000..100043    | 44      | 
 +| 44                    | 44                | 1       |
 +| 45..102               | 100045..100102    | 58      |
 +| 103                   | 103               | 1       |
 +| 104..65535            | 100104..165535    | 65431   |
 +
 +
 +Here is a tool [[https://github.com/ddimick/proxmox-lxc-idmapper|Proxmox unprivileged container/host uid/gid mapping syntax tool]]
 +
 +
 +Allow LXC (running as root) to map GID 44 and 103 to new ones:
 +
 +<file /etc/subgid>
 +root:100000:65536
 +root:44:1
 +root:103:1
 +</file>
 +
 +
 +PCT config file:
 +<file ini /etc/pve/lxc/303.conf>
 +lxc.cgroup2.devices.allow: a
 +lxc.cap.drop:
 +lxc.cgroup2.devices.allow: c 226:0 rwm
 +lxc.cgroup2.devices.allow: c 226:128 rwm
 +lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
 +lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
 +lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
 +lxc.idmap: u 0 100000 65536
 +lxc.idmap: g 0 100000 44
 +lxc.idmap: g 44 44 1
 +lxc.idmap: g 45 100045 58
 +lxc.idmap: g 103 103 1
 +lxc.idmap: g 104 100104 65431
 +</file>
 +
 +Guest system:
 +
 +<code bash>
 +usermod -aG 44 user
 +usermod -aG 103 user
 +apt install drm-info
 +drm_info
 +</code>
 +
 +====== TODO - check ======
 +
 +[[https://forum.proxmox.com/threads/terramaster-f2-423-proxmox-n5095-igpu-passthrough-issue.123144/#post-536224]]
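Review bot: In the `/etc/pve/lxc/303.conf` block, `lxc.cgroup2.devices.allow: a` allows the container every device node, which makes the `c 226:0 rwm` and `c 226:128 rwm` lines below it redundant, and the empty `lxc.cap.drop:` clears the list of dropped capabilities. The page only needs card0 and renderD128 reachable, so I would remove both lines and keep the two 226 entries as the device allow-list. The last GID range is also off by one: 104..65535 is 65432 IDs, but the table and `lxc.idmap: g 104 100104 65431` use 65431, so the five ranges sum to 65535 instead of 65536 and container GID 65535 is left unmapped. Smaller points: `$ls -ln /dev/dri` is missing a space after the prompt, and the text should say that 44 and 103 are the host's group IDs taken from the `ls -ln` output, since they will differ on other hosts.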