[SOLVED] Help for passing host devices to container

[distahl]

Hi,

I'm completely new to Proxmox and installed a non-subscribed instance (v7.0-8) some days ago.
After that I've created a privileged container from template "debian-11-standard_11.0-1_amd64.tar.gz" and wanted to passed some devices.

Please have a look at the config:

arch: amd64
cores: 16
features: nesting=1
hostname: J1900
memory: 32768
mp0: raid-hdd:subvol-100-disk-0,mp=/var/log,acl=1,backup=1,size=15G
mp1: raid-hdd:subvol-100-disk-1,mp=/home,acl=1,backup=1,size=20G
mp2: raid-hdd:subvol-100-disk-2,mp=/data,acl=1,backup=1,size=50G
nameserver: 192.168.1.222 fd00:192:168:1::222 192.168.1.1
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.1,hwaddr=4E:04:90:16:11:0D,ip=192.168.1.225/24,ip6=dhcp,type=veth
net1: name=eth1,bridge=vmbr0,firewall=1,hwaddr=BA:84:0C:A5:BA:29,ip6=fd00:192:168:1::225/64,type=veth
onboot: 1
ostype: debian
rootfs: raid-ssd:subvol-100-disk-0,acl=1,size=30G
searchdomain: home.local
swap: 0
tty: 2
lxc.cgroup.devices.allow: c 10 200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
lxc.cgroup.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file

And some information about the devices:

root@pve01:~# ls -l /dev/ttyUSB0
crw-rw-rw- 1 root dialout 188, 0 Aug 29 19:55 /dev/ttyUSB0

root@pve01:~# ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Aug 29 18:57 /dev/net/tun

Now, if I try to use the devices I get an "Operation not permitted" message from e.g. openvpn:

Mon Aug 30 14:15:35 2021 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Mon Aug 30 14:15:35 2021 Exiting due to fatal error

I also already tried to "chmod o+rw" to the specific device in order to see if this could be an issue, but it doesn't chnage anything regarding the error.

What am I doing wrong? Why isn't this working?

 

[oguz]

hi,

try lxc.cgroup2.devices.allow instead of lxc.cgroup.devices.allow

 

[distahl]

Unfortunately not making any difference. Still getting " Operation not permitted"

 

[oguz]

take a look here [0] (this is with unprivileged container, you don't need privileged)

[0]: https://pve.proxmox.com/wiki/OpenVPN_in_LXC

 

[distahl]

Oh, wait. Stupid me. Had a syntx error in "lxc.cgroup.devices.allow: c 10 200 rwm". There was missing a colon (... 10:200 rwm). Now it is working. Thank you so much. In the end "cgroup2" was the solution.

 

[oguz]

great, please mark the thread [SOLVED]