Forward all udev properties to container

sdh

Aug 25, 2025
I'm trying to run Automatic Ripping Machine in an LXC, but am having a problem because it's using `pyudev` to look at device properties, and the `ID_*` properties it's looking for are missing from the forwarded devices. Here is the relevant lxc config:

Code:
lxc.mount.auto: sys:rw
lxc.cgroup2.devices.allow: b 11:0 rwm
lxc.mount.entry: /dev/sr0 dev/sr0 none bind,create=file,optional 0 0

When I run `udevadm info --query=property --name=/dev/sr0` in the host, I get a huge number of properties listed, but when I run it in the container, it's just a tiny handful:

Code:
$ udevadm info --query=property --name=/dev/sr0
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb4/4-1/4-1:1.0/host7/target7:0:0/7:0:0:0/block/sr0
DEVNAME=/dev/sr0
DEVTYPE=disk
DISKSEQ=328
MAJOR=11
MINOR=0
SUBSYSTEM=block

I've tried using AI assistants to help debug, and they pointed at /sys being read-only in the container (not sure if the `sys:rw` line in the config was supposed to handle that?) and at /run/udev not being bind-mounted correctly (I tried a handful of suggestions, but was never able to get the host's /run/udev forwarded into the container). How can I get these udev properties added (and reported) in the container? Thanks!
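An added diagnostic example, not part of the original post: it takes the container's `udevadm` output quoted above and checks whether the udev database entry for the device is readable, which is where the `ID_*` properties are stored. It assumes the standard systemd-udev layout (`/run/udev/data/b<major>:<minor>` with `E:KEY=VALUE` lines); the function names are hypothetical.

```python
import os

# Property output from the container, copied from the post above.
CONTAINER_OUTPUT = """\
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb4/4-1/4-1:1.0/host7/target7:0:0/7:0:0:0/block/sr0
DEVNAME=/dev/sr0
DEVTYPE=disk
DISKSEQ=328
MAJOR=11
MINOR=0
SUBSYSTEM=block
"""

def parse_properties(text):
    """Parse KEY=VALUE lines as printed by `udevadm info --query=property`."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            props[key] = value
    return props

def db_path(props, run_udev="/run/udev"):
    """Database file udev keeps for a device node: data/b<maj>:<min> or c<maj>:<min>."""
    kind = "b" if props.get("SUBSYSTEM") == "block" else "c"
    return os.path.join(run_udev, "data", f"{kind}{props['MAJOR']}:{props['MINOR']}")

def read_db_properties(path):
    """Return the E:KEY=VALUE entries of a udev database file, or None if unreadable."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return None
    return parse_properties("\n".join(l[2:] for l in lines if l.startswith("E:")))

def diagnose(udevadm_output, run_udev="/run/udev"):
    """Report which ID_* properties are visible and whether the database is reachable."""
    props = parse_properties(udevadm_output)
    path = db_path(props, run_udev)
    stored = read_db_properties(path)
    return {
        "db_file": path,
        "db_readable": stored is not None,
        "id_props_seen": sorted(k for k in props if k.startswith("ID_")),
        "id_props_in_db": sorted(k for k in (stored or {}) if k.startswith("ID_")),
    }

if __name__ == "__main__":
    for key, value in diagnose(CONTAINER_OUTPUT).items():
        print(f"{key}: {value}")
```

Run inside the container, `db_readable: False` means the host's udev database is not visible there, so only the properties that come from sysfs are reported.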
 
Have you tried using the Nesting option? That should expose procfs and sysfs of the host inside the container.
 
I'd commented out the `features: nesting=1` option since `lxc.apparmor.profile: unconfined`, which I'd read suggested elsewhere, was overriding it, but switching to instead commenting out the apparmor profile and explicitly setting nesting didn't change anything - it still doesn't expose the additional properties.

For what it's worth, I ended up working around this by running the container in privileged mode. Ideally I could run it unprivileged, but this was the only way I could find that actually got the udev props I needed.