Intel QuickSync passthrough to Unprivileged Container

[myortyo]

Hello everybody,

I know there where some Threads like this but it seems like I don't get it to work.

So I have Proxmox VE 7.4-3 Running and an Unprivileged LXC Container which I want to passthrough the Intel QuickSync chip.

My Error I get when I try to start the LXC:

lxc_map_ids: 3701 newgidmap failed to write mapping "newgidmap: gid range [33-34) -> [103-104) not allowed": newgidmap 9310 0 100000 33 33 103 1 34 100034 65502
lxc_spawn: 1788 Failed to set up id mapping.
__lxc_start: 2107 Failed to spawn container "100"
TASK ERROR: startup for container '100' failed

What I did so far:

root@cloud:/# getent group www-data | cut -d : -f3
33

the www-data is the user in my LXC Container which runs Nextcloud where I want to use the hardware transcoding

root@proxmox:~# ls -la /dev/dri
total 0
drwxr-xr-x  3 root root        100 May 18 19:44 .
drwxr-xr-x 20 root root       4460 May 19 17:04 ..
drwxr-xr-x  2 root root         80 May 18 19:44 by-path
crw-rw----  1 root video  226,   0 May 18 19:44 card0
crw-rw----  1 root render 226, 128 May 18 19:44 renderD128

root@proxmox:~# getent group render | cut -d : -f3
103

How I edited the lxc config file:

# For Proxmox 7.x (LXC 4.x uses CGroupV2):
lxc.cgroup2.devices.allow: c 226:128 rwm


# Bind mount the device from the host to the container
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0 0


lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 33
lxc.idmap: g 33 103 1
lxc.idmap: g 34 100034 65502

How I edited the /etc/subgid

# /etc/subgid
root:100000:65536
root:103:1  # Add this line

It seems like IO do something wrong with the IDs?

Hope someone of you experts can help me.

Greetings

myortyo