iGPU Passthrough

[confuzd]

Problem Solved:

I have no idea why it works now, but here is what I did.

I found this script on stack overflow: https://github.com/ddimick/proxmox-lxc-idmapper
and used the command './run.py 985=44 989=104' to generate this output:

# Add to /etc/pve/lxc/<container_id>.conf:
lxc.idmap: u 0 100000 985
lxc.idmap: g 0 100000 985
lxc.idmap: u 985 44 1
lxc.idmap: g 985 44 1
lxc.idmap: u 986 100986 3
lxc.idmap: g 986 100986 3
lxc.idmap: u 989 104 1
lxc.idmap: g 989 104 1
lxc.idmap: u 990 100990 64546
lxc.idmap: g 990 100990 64546

# Add to /etc/subuid:
root:44:1
root:104:1

# Add to /etc/subgid:
root:44:1
root:104:1

This maps the group and user IDs 44 <-> 985 and 104 <-> 989, and now it works.
I do not have any users with the IDs 985 or 989 on my system, but it works regardless, and that is probably a security concern, but i'm the only person that will ever have access, so idrc
When I access /dev/dri, the iGPU is recognized, so I will not complain

My original Post:

---

Hello everyone!

I've tried to pass my integrated GPU into a LXC container using this guide: https://bookstack.swigg.net/books/linux/page/lxc-gpu-access but I can not get it to work.

My problem is configuring the GID passthrough.

In Proxmox the video is group 44, and the render group 104
In Arch the video group is 985, and the render group is 989

I am basically trying to connect the corresponding GIDs to one another, and then map the rest of the IDs onto the 100xxx range, just like in the tutorial
However it still complains that I am trying to bind 990 to 105, even though I'm not

Any and all help would be much appreciated

my /etc/subgid:

root:100000:65536
root:44:1
root:104:1

my /etc/pve/lxc/109.conf:

arch: amd64
cores: 16
features: nesting=1
hostname: remote
memory: 15259
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=A6:1A:62:19:0A:1E,ip=dhcp,ip6=dhcp,type=veth
ostype: archlinux
rootfs: local-zfs:subvol-109-disk-0,size=40G
swap: 0
unprivileged: 1
lxc.cgroup.devices.allow: c 226:* rwm
lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file,mode=0666
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 985                  // map GIDs 0-984 (arch) to 100000-100984 (proxmox)
lxc.idmap: g 985 44 1                      // map video (arch) to video (proxmox)
lxc.idmap: g 986 100986 3                  // map GIDs 986-988 (arch) to 100986-100988 (proxmox)
lxc.idmap: g 989 104 1                     // map render (arch) to render (proxmox)
lxc.idmap: g 990 100990 64546              // map GIDs 990-65536 (arch) to 100990-165536 (proxmox)

the error:

lxc_map_ids: 3701 newgidmap failed to write mapping "newgidmap: gid range [989-990) -> [104-105) not allowed": newgidmap 1415871 0 100000 985 985 44 1 986 100986 3 989 104 1 990 100990 64546
lxc_spawn: 1788 Failed to set up id mapping.
__lxc_start: 2107 Failed to spawn container "109"
startup for container '109' failed

Thank you very much for your time and effort, I've been staring at all of these numbers for at least two hours now, and can not figure it out

 

[leesteken]

The message says that [989-990) are not allowed for newgidmap, which probably mean that you need to add root:989:1 to /etc/subgid. I think you added the "opposite side" to subgid by mistake.

 

[confuzd]

The message says that [989-990) are not allowed for newgidmap, which probably mean that you need to add root:989:1 to /etc/subgid. I think you added the "opposite side" to subgid by mistake.

I added 'root:989:1' to my /etc/subgid, but still get the same error:

lxc_map_ids: 3701 newgidmap failed to write mapping "newgidmap: gid range [989-990) -> [104-105) not allowed": newgidmap 2220488 0 100000 985 985 44 1 986 100986 3 989 104 1 990 100990 64546
lxc_spawn: 1788 Failed to set up id mapping.
__lxc_start: 2107 Failed to spawn container "109"
startup for container '109' failed

 

[leesteken]

I added 'root:989:1' to my /etc/subgid, but still get the same error:

There is another problem with 989: you cannot map user ID 989 because there is no such user in the container. The user IDs in the container start at 100000. Maybe you intended to use 100989 instead?

EDIT: I think I'm wrong about 989 in /etc/subgid and you were right with root:44:1 etc.
Can't you use the new dev: setting (with user and group) instead of the lxc.mount.entry: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pct_options

 

[confuzd]

There is another problem with 989: you cannot map user ID 989 because there is no such user in the container. The user IDs in the container start at 100000. Maybe you intended to use 100989 instead?

EDIT: I think I'm wrong about 989 in /etc/subgid and you were right with root:44:1 etc.
Can't you use the new dev: setting (with user and group) instead of the lxc.mount.entry: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pct_options

I pretty much just went through the mentioned tutorial (https://bookstack.swigg.net/books/linux/page/lxc-gpu-access), and adjusted all the values that differed on my system.

My thoughs are as follows: if it worked for the author, who defined 106 (inside the container) to 108 (outside) like this:

'lxc.idmap: g 106 108 1'

then why shouldn't it work just like that for me.

The Tutorial was last updated 2 years ago, which is a long time, but I do not think breaking changes regarding mapping of GIDs happened since.

I run a up-to-date proxmox install, with the 6.5 kernel,

 

[confuzd]

There is another problem with 989: you cannot map user ID 989 because there is no such user in the container. The user IDs in the container start at 100000. Maybe you intended to use 100989 instead?

EDIT: I think I'm wrong about 989 in /etc/subgid and you were right with root:44:1 etc.
Can't you use the new dev: setting (with user and group) instead of the lxc.mount.entry: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pct_options

Thank you so much for your help, I got it to work, see the original post on how