GID mapping/permission issues

m0n0pr1x

Aug 28, 2023
Hello everyone,

I'm encountering a bit of trouble while configuring an LXC container. My goal is to set up specific permissions for both an NFS share and a /dev/dri/renderD128 device. I've made some progress and everything works (NFS share and /dev/dri/renderD128 access), but I'm currently facing an issue: some files within the container have the nobody group, which makes them inaccessible to any user. Additionally, this situation is preventing me from performing backups. Here are some details to provide a clearer picture:


I followed this guide https://gist.github.com/aleksasiriski/820f22fadba72815f3eaf290465611a5 for the GPU passthrough (permissions GID)


In container
ls -ln
Code:
-rw-------    1 1000     65534         1000 Aug 29 12:14 key-be8151ee-1a91-4306-802f-a4d61299c1f2.xml

ls -l
Code:
-rw-------    1 jellyfin     nobody         1000 Aug 29 12:14 key-be8151ee-1a91-4306-802f-a4d61299c1f2.xml


In host

backup error:
Code:
INFO: backup mode: snapshot
INFO: ionice priority: 7
INFO: create storage snapshot 'vzdump'
  Logical volume "snap_vm-103-disk-0_vzdump" created.
INFO: creating vzdump archive '/var/lib/vz/dump/vzdump-lxc-103-2023_08_30-15_50_30.tar.zst'
INFO: tar: ./home/jellyfin_u/.aspnet/DataProtection-Keys/key-be8151ee-1a91-4306-802f-a4d61299c1f2.xml: Cannot open: Permission denied

cat /etc/pve/lxc/103.conf
Code:
...

mp0: /media/torrents/,mp=/shared
...

unprivileged: 1

lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.hook.pre-start: sh -c "chown 0:100104 /dev/dri/renderD128"
lxc.idmap: g 0 100000 100
lxc.idmap: g 100 100 1
lxc.idmap: g 101 100101 65430
lxc.idmap: u 0 100000 65536

cat /etc/subgid
Code:
root:100000:65536
root:44:1
root:104:1
root:100:1

lxc-attach 103
ls -l .aspnet/
Code:
-rw-------    1 root     root          1000 Aug 29 11:33 key-a73d7373-370d-46c3-85eb-ed7c4e84cdc7.xml
~/.aspnet/DataProtection-Keys #


Thank you in advance for your time and assistance!
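
An added example, not part of the original post and not Proxmox or LXC code: a small parser for the lxc.idmap lines quoted above that translates IDs between host and container and lists container-side IDs that have no host mapping. An ID outside every mapped range is displayed as 65534 (nobody), the kernel's default overflow ID; the function names are illustrative.

```python
# Constructed sample: the lxc.idmap lines quoted in the post.
CONF = """\
lxc.idmap: g 0 100000 100
lxc.idmap: g 100 100 1
lxc.idmap: g 101 100101 65430
lxc.idmap: u 0 100000 65536
"""
OVERFLOW_ID = 65534  # kernel default overflow uid/gid, shown as "nobody"

def parse_idmap(conf, kind):
    """Return sorted (container_start, host_start, count) tuples for 'u' or 'g'."""
    ranges = []
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            ranges.append(tuple(int(f) for f in fields[1:]))
    return sorted(ranges)

def host_to_container(ranges, host_id):
    """ID that processes inside the container see for a host ID."""
    for c_start, h_start, count in ranges:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID  # no mapping: displayed as nobody/nogroup

def container_to_host(ranges, cont_id):
    """Host ID behind a container ID, or None if the ID is not mapped."""
    for c_start, h_start, count in ranges:
        if c_start <= cont_id < c_start + count:
            return h_start + (cont_id - c_start)
    return None

def unmapped_container_ids(ranges, limit=65536):
    """Container-side gaps in 0..limit-1 as inclusive (first, last) pairs."""
    gaps, nxt = [], 0
    for c_start, _, count in ranges:
        if c_start > nxt:
            gaps.append((nxt, c_start - 1))
        nxt = max(nxt, c_start + count)
    if nxt < limit:
        gaps.append((nxt, limit - 1))
    return gaps

if __name__ == "__main__":
    gids = parse_idmap(CONF, "g")
    print("host gid 100104 (pre-start hook) ->", host_to_container(gids, 100104))
    print("host gid 100 ->", host_to_container(gids, 100))
    print("container gids without a host mapping:", unmapped_container_ids(gids))
```

With the quoted map, the three group ranges cover container GIDs 0 to 65530 while the user range covers all 65536 IDs, so container GIDs 65531 to 65535 have no host counterpart.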
 
