meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
vm:proxmox:lxc:devices_access [2023/06/20 18:14] – created niziakvm:proxmox:lxc:devices_access [2024/12/07 20:07] (current) niziak
Line 5: Line 5:
   * serial port forwarding   * serial port forwarding
  
-===== privileged LXCs =====+===== serial port ===== 
 + 
 +==== privileged LXCs ====
  
 Only need to bind mount device node. Only need to bind mount device node.
Line 16: Line 18:
 Device major 188 is for ''ttyUSBx devices'' Device major 188 is for ''ttyUSBx devices''
  
-===== unprivileged LXCs =====+==== unprivileged LXCs ====
  
-Unprivileged LXCs has UIDs and GIDs mapped to defines subid and subgids ranges.+Unprivileged LXCs has UIDs and GIDs mapped to defined subid and subgids ranges.
  
 To get access to ''ttyUSB0'' as ''dialout'' group (GID=20) host needs to give permissions to access ''ttyUSB0'' for GID=100020. To get access to ''ttyUSB0'' as ''dialout'' group (GID=20) host needs to give permissions to access ''ttyUSB0'' for GID=100020.
Line 25: Line 27:
  
 Another method mentioned in [[https://gist.github.com/crundberg/a77b22de856e92a7e14c81f40e7a74bd|Setup deCONZ on unprivileged Proxmox container]] Another method mentioned in [[https://gist.github.com/crundberg/a77b22de856e92a7e14c81f40e7a74bd|Setup deCONZ on unprivileged Proxmox container]]
-is to do not touch ''/dev/ttyUSB0'' but create another device node with the same device major:minor. Then change owner of new device node and use it to bind mount into container.+is to do not touch ''/dev/ttyUSB0'' but create another device node with the same device ''major:minor''. Then change owner of new device node and use it to bind mount into container.
  
- +==== References ====
-===== References =====+
  
   * [[https://forum.proxmox.com/threads/usb-passthrough-to-a-container-lxc.101741/|USB passthrough to a container LXC]]   * [[https://forum.proxmox.com/threads/usb-passthrough-to-a-container-lxc.101741/|USB passthrough to a container LXC]]
   * [[https://www.reddit.com/r/Proxmox/comments/saxqm2/passing_igpu_through_to_unprivileged_lxc_help/|Passing iGPU through to unprivileged LXC [HELP]]]   * [[https://www.reddit.com/r/Proxmox/comments/saxqm2/passing_igpu_through_to_unprivileged_lxc_help/|Passing iGPU through to unprivileged LXC [HELP]]]
   * [[https://forum.proxmox.com/threads/passing-usb-device-on-lxc-not-working-after-upgrade-to-7-0.92178/|Passing USB device on LXC not working after upgrade to 7.0]]   * [[https://forum.proxmox.com/threads/passing-usb-device-on-lxc-not-working-after-upgrade-to-7-0.92178/|Passing USB device on LXC not working after upgrade to 7.0]]
 +  * Zigbee2MQTT automated LXC setup scripts (privileged containers):
 +    * [[https://raw.githubusercontent.com/tteck/Proxmox/main/misc/build.func|build.func]]
 +
 +====== DRI forward ======
 +
 +
 +Host system (Proxmox):
 +
 +<code bash>
 +$ls -ln /dev/dri
 +
 +crw-rw---- 1 0  44 226,   0 03-26 11:53 card0
 +crw-rw---- 1 0 103 226, 128 03-26 11:53 renderD128
 +</code>
 +
 +In unprivileged PCT GIDs and UIDs are shifted +100000, so if guest wants to access device with GID=44, from host point of view it is accessing it as GID=100044. 
 +So now is needed to do shift GID 44 and GID 103. 
 +Idea is to define ranges of GID mappings to map all other GID to be shifted by +100000:
 +
 +^ Container GID         ^ Host GID          ^  count  ^
 +| 0..43                 | 100000..100043    | 44      | 
 +| 44                    | 44                | 1       |
 +| 45..102               | 100045..100102    | 58      |
 +| 103                   | 103               | 1       |
 +| 104..65535            | 100104..165535    | 65431   |
 +
 +
 +Here is a tool [[https://github.com/ddimick/proxmox-lxc-idmapper|Proxmox unprivileged container/host uid/gid mapping syntax tool]]
 +
 +
 +Allow LXC (running as root) to map GID 44 and 103 to new ones:
 +
 +<file /etc/subgid>
 +root:100000:65536
 +root:44:1
 +root:103:1
 +</file>
 +
 +
 +PCT config file:
 +<file ini /etc/pve/lxc/303.conf>
 +lxc.cgroup2.devices.allow: a
 +lxc.cap.drop:
 +lxc.cgroup2.devices.allow: c 226:0 rwm
 +lxc.cgroup2.devices.allow: c 226:128 rwm
 +lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
 +lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
 +lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
 +lxc.idmap: u 0 100000 65536
 +lxc.idmap: g 0 100000 44
 +lxc.idmap: g 44 44 1
 +lxc.idmap: g 45 100045 58
 +lxc.idmap: g 103 103 1
 +lxc.idmap: g 104 100104 65431
 +</file>
 +
 +Guest system:
 +
 +<code bash>
 +usermod -aG 44 user
 +usermod -aG 103 user
 +apt install drm-info
 +drm_info
 +</code>
 +
 +====== TODO - check ======
 +
 +  * [[https://forum.proxmox.com/threads/terramaster-f2-423-proxmox-n5095-igpu-passthrough-issue.123144/#post-536224]]
 +  * [[https://forum.proxmox.com/threads/plex-hw-transcoding-lxc-and-jasper-lake-igpu-passthru.116163/#post-556945]]