meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
vm:proxmox:lxc:devices_access [2023/06/20 19:10] niziakvm:proxmox:lxc:devices_access [2023/06/20 21:06] niziak
Line 39: Line 39:
  
 ====== DRI forward ====== ====== DRI forward ======
 +
  
 Host system (Proxmox): Host system (Proxmox):
  
 +<code bash>
 +$ls -ln /dev/dri
 +
 +crw-rw---- 1 0  44 226,   0 03-26 11:53 card0
 +crw-rw---- 1 0 103 226, 128 03-26 11:53 renderD128
 +</code>
 +
 +In unprivileged PCT GIDs and UIDs are shifted +100000, so if guest wants to access device with GID=44, from host point of view it is accessing it as GID=100044. 
 +So now is needed to do shift GID 44 and GID 103. 
 +Idea is to define ranges of GID mappings to map all other GID to be shifted by +100000:
 +
 +^ Container GID         ^ Host GID          ^  count  ^
 +| 0..43                 | 100000..100043    | 44      | 
 +| 44                    | 44                | 1       |
 +| 45..102               | 100045..100102    | 58      |
 +| 103                   | 103               | 1       |
 +| 104..65535            | 100104..165535    | 65431   |
 +
 +
 +Here is a tool [[https://github.com/ddimick/proxmox-lxc-idmapper|Proxmox unprivileged container/host uid/gid mapping syntax tool]]
 +
 +
 +Allow LXC (running as root) to map GID 44 and 103 to new ones:
 +
 +<file /etc/subgid>
 +root:100000:65536
 +root:44:1
 +root:103:1
 +</file>
 +
 +
 +PCT config file:
 +<file ini /etc/pve/lxc/303.conf>
 +lxc.cgroup2.devices.allow: a
 +lxc.cap.drop:
 +lxc.cgroup2.devices.allow: c 226:0 rwm
 +lxc.cgroup2.devices.allow: c 226:128 rwm
 +lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
 +lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
 +lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
 +lxc.idmap: u 0 100000 65536
 +lxc.idmap: g 0 100000 44
 +lxc.idmap: g 44 44 1
 +lxc.idmap: g 45 100045 58
 +lxc.idmap: g 103 103 1
 +lxc.idmap: g 104 100104 65431
 +</file>
  
 Guest system: Guest system:
Line 52: Line 100:
 </code> </code>
  
 +====== TODO - check ======
  
 +[[https://forum.proxmox.com/threads/terramaster-f2-423-proxmox-n5095-igpu-passthrough-issue.123144/#post-536224]]