Hello everyone,
I'm encountering a bit of trouble while configuring an LXC container. My goal is to set up specific permissions for both an NFS share and a /dev/dri/renderD128 device. I've made some progress and everything works (nfs share and /dev/dri/renderD128 access), but I'm currently facing an issue: some files within the container have the nobody group, which makes them inaccessible to any user. Additionally, this situation is preventing me from performing backups. Here are some details to provide a clearer picture:
I followed this guide https://gist.github.com/aleksasiriski/820f22fadba72815f3eaf290465611a5 for the gpu passthrough (permissions GID)
In container
In host
backup error:
Thank you in advance for your time and assistance!
I'm encountering a bit of trouble while configuring an LXC container. My goal is to set up specific permissions for both an NFS share and a /dev/dri/renderD128 device. I've made some progress and everything works (nfs share and /dev/dri/renderD128 access), but I'm currently facing an issue: some files within the container have the nobody group, which makes them inaccessible to any user. Additionally, this situation is preventing me from performing backups. Here are some details to provide a clearer picture:
I followed this guide https://gist.github.com/aleksasiriski/820f22fadba72815f3eaf290465611a5 for the gpu passthrough (permissions GID)
In container
ls -ln
Code:
-rw------- 1 1000 65534 1000 Aug 29 12:14 key-be8151ee-1a91-4306-802f-a4d61299c1f2.xml
ls -l
Code:
-rw------- 1 jellyfin nobody 1000 Aug 29 12:14 key-be8151ee-1a91-4306-802f-a4d61299c1f2.xml
In host
backup error:
Code:
INFO: backup mode: snapshot
INFO: ionice priority: 7
INFO: create storage snapshot 'vzdump'
Logical volume "snap_vm-103-disk-0_vzdump" created.
INFO: creating vzdump archive '/var/lib/vz/dump/vzdump-lxc-103-2023_08_30-15_50_30.tar.zst'
INFO: tar: ./home/jellyfin_u/.aspnet/DataProtection-Keys/key-be8151ee-1a91-4306-802f-a4d61299c1f2.xml: Cannot open: Permission denied
cat /etc/pve/lxc/103.conf
Code:
...
mp0: /media/torrents/,mp=/shared
...
unprivileged: 1
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.hook.pre-start: sh -c "chown 0:100104 /dev/dri/renderD128"
lxc.idmap: g 0 100000 100
lxc.idmap: g 100 100 1
lxc.idmap: g 101 100101 65430
lxc.idmap: u 0 100000 65536
cat /etc/subgid
Code:
root:100000:65536
root:44:1
root:104:1
root:100:1
lxc-attach 103
ls -l .aspnet/
Code:
-rw------- 1 root root 1000 Aug 29 11:33 key-a73d7373-370d-46c3-85eb-ed7c4e84cdc7.xml
~/.aspnet/DataProtection-Keys #
Thank you in advance for your time and assistance!