Unprivileged container user mapping problem

angin

May 15, 2022
I want to map a normal user and the Intel GPU device on the host to an unprivileged LXC container. I found the render group IDs for the host and the LXC container:

Host render group:
video:x:44:
render:x:103:

LXC container render group:
video:x:44:
render:x:105:

Then I modified the host's subuid and subgid files.
/etc/subuid
root:1000:1
root:100000:65536
user:165536:65536

/etc/subgid
root:44:1
root:103:1
root:1000:1
root:100000:65536
user:165536:65536

Finally, I added the following mapping rules.
/etc/pve/lxc/<id>.conf.
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 60
lxc.idmap: g 105 103 1
lxc.idmap: g 106 100106 894
lxc.idmap: g 1000 1000 1
lxc.idmap: g 1001 101001 64535

But now the problem is that the new folders and files on the host belonging to the user with id=1000 still show their owner in the LXC container as nobody:nogroup instead of 1000:1000.
What am I doing wrong?
Any help would be appreciated! Thanks!
 
The user 1000 is not mapped?
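
An added example, not part of either post: a small Python resolver for the lxc.idmap rules quoted in the question, showing which container ID a given host UID or GID resolves to. The function names are hypothetical, and the rules are copied inline as sample input.

```python
# Added example. Rules copied from the question's /etc/pve/lxc/<id>.conf.
CONF = """\
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 60
lxc.idmap: g 105 103 1
lxc.idmap: g 106 100106 894
lxc.idmap: g 1000 1000 1
lxc.idmap: g 1001 101001 64535
"""

def parse_idmap(text):
    """Return {'u': [(ct_start, host_start, count)], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in text.splitlines():
        # Accept both "lxc.idmap: ..." (Proxmox) and "lxc.idmap = ..." (plain LXC).
        key, _, value = line.replace("=", ":", 1).partition(":")
        if key.strip() != "lxc.idmap":
            continue
        kind, ct, host, count = value.split()
        for k in ("ug" if kind == "b" else kind):  # 'b' maps both uid and gid
            maps[k].append((int(ct), int(host), int(count)))
    return maps

def host_to_container(maps, kind, host_id):
    """Container-side ID for a host ID; None if no rule covers it."""
    for ct, host, count in maps[kind]:
        if host <= host_id < host + count:
            return ct + host_id - host
    return None

def container_to_host(maps, kind, ct_id):
    """Host-side ID backing a container ID; None if unmapped."""
    for ct, host, count in maps[kind]:
        if ct <= ct_id < ct + count:
            return host + ct_id - ct
    return None

if __name__ == "__main__":
    maps = parse_idmap(CONF)
    for kind, host_id in (("u", 1000), ("g", 1000), ("g", 44), ("g", 103)):
        print(kind, host_id, "->", host_to_container(maps, kind, host_id))
    print("container uid 1000 is host uid", container_to_host(maps, "u", 1000))
```

A result of None for host UID 1000 means no `u` rule references it, while container UID 1000 is backed by host UID 101000 under the single `u 0 100000 65536` rule.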