Differences

This shows you the differences between two versions of the page.

--- vm:proxmox:lxc:devices_access [2023/06/20 18:25]
niziak
+++ vm:proxmox:lxc:devices_access [2023/06/20 21:19] (current)
niziak
@@ Line 5: / Line 5: @@
   * serial port forwarding
-===== privileged LXCs =====
+===== serial port =====
+==== privileged LXCs ====
 Only need to bind mount device node.
@@ Line 16: / Line 18: @@
 Device major 188 is for ''ttyUSBx devices''
-===== unprivileged LXCs =====
+==== unprivileged LXCs ====
 Unprivileged LXCs has UIDs and GIDs mapped to defines subid and subgids ranges.
@@ Line 27: / Line 29: @@
 is to do not touch ''/dev/ttyUSB0'' but create another device node with the same device major:minor. Then change owner of new device node and use it to bind mount into container.
+==== References ====
-===== References =====
   * [[https://forum.proxmox.com/threads/usb-passthrough-to-a-container-lxc.101741/|USB passthrough to a container LXC]]
@@ Line 35: / Line 36: @@
   * Zigbee2MQTT automated LXC setup scripts (privileged containers):
     * [[https://raw.githubusercontent.com/tteck/Proxmox/main/misc/build.func|build.func]]
+====== DRI forward ======
+Host system (Proxmox):
+<code bash>
+$ls -ln /dev/dri
+crw-rw---- 1 0  44 226,   0 03-26 11:53 card0
+crw-rw---- 1 0 103 226, 128 03-26 11:53 renderD128
+</code>
+In unprivileged PCT GIDs and UIDs are shifted +100000, so if guest wants to access device with GID=44, from host point of view it is accessing it as GID=100044.
+So now is needed to do shift GID 44 and GID 103.
+Idea is to define ranges of GID mappings to map all other GID to be shifted by +100000:
+^ Container GID         ^ Host GID          ^  count  ^
+| 0..43                 | 100000..100043    | 44      |
+| 44                    | 44                | 1       |
+| 45..102               | 100045..100102    | 58      |
+| 103                   | 103               | 1       |
+| 104..65535            | 100104..165535    | 65431   |
+Here is a tool [[https://github.com/ddimick/proxmox-lxc-idmapper|Proxmox unprivileged container/host uid/gid mapping syntax tool]]
+Allow LXC (running as root) to map GID 44 and 103 to new ones:
+<file /etc/subgid>
+root:100000:65536
+root:44:1
+root:103:1
+</file>
+PCT config file:
+<file ini /etc/pve/lxc/303.conf>
+lxc.cgroup2.devices.allow: a
+lxc.cap.drop:
+lxc.cgroup2.devices.allow: c 226:0 rwm
+lxc.cgroup2.devices.allow: c 226:128 rwm
+lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
+lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
+lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
+lxc.idmap: u 0 100000 65536
+lxc.idmap: g 0 100000 44
+lxc.idmap: g 44 44 1
+lxc.idmap: g 45 100045 58
+lxc.idmap: g 103 103 1
+lxc.idmap: g 104 100104 65431
+</file>
+Guest system:
+<code bash>
+usermod -aG 44 user
+usermod -aG 103 user
+apt install drm-info
+drm_info
+</code>
+====== TODO - check ======
+  * [[https://forum.proxmox.com/threads/terramaster-f2-423-proxmox-n5095-igpu-passthrough-issue.123144/#post-536224]]
+  * [[https://forum.proxmox.com/threads/plex-hw-transcoding-lxc-and-jasper-lake-igpu-passthru.116163/#post-556945]]

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences