LXC Container can access all host disks but shouldn't

torwag

Member
Oct 5, 2020
Sorry, this is a slight cross-post with here. I got some nice thoughts and help there but noticed that my actual problem has nothing to do with PBS and thought it might be useful to ask here.

I run an ordinary LXC container, nothing special, all set up in the web UI. Unprivileged, nesting on, basically all options are untouched / standard.

In this container I installed PBS. Also here a basic install, nothing fancy; I followed the installation based on a Debian 11 template.

Starting PBS, it finds ALL host hard disks: root, the disks for the ZFS and LVM pools. Even more strange (and dangerous), all of them are marked as unused.

I can't find a reason why this happens.

I run another LXC container running Home Assistant. This one I tweaked to get some USB pass-through. Maybe that affected all other LXC containers as well?

The problem: I can't remember off the top of my head what I changed to get the pass-through working.
 
Hi,
PBS is not really intended to be run in an (unprivileged) container. The fact that it can "see" all disks is just that it has access to the /sys filesystem. Just see ls /sys/block. But you shouldn't have the actual block devices in /dev/. PBS can't detect the usage, because it cannot actually check the device ;)
 
I'm not sure why the fact that you can see all the disks (including the S/N) is played down like that. Does this occur with standard LXC containers outside Proxmox? I know it doesn't happen with Docker in any case (not that I believe Docker is better) and most probably not in Podman either.
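
The distinction raised in the two replies above (disk metadata visible through /sys/block versus block devices actually usable under /dev) can be checked from inside the container. This is an added example, not part of the original thread; the function name `audit_block_exposure` is hypothetical, and the sysfs attributes it probes (`device/model`, `device/serial`, `device/wwid`, `wwid`) are assumptions that vary by disk driver.

```bash
#!/usr/bin/env bash
# Added example: compare what sysfs reveals about disks with what can
# actually be opened under /dev. Define it inside the container, then run:
#   audit_block_exposure
# Both directories are parameters so it can be pointed at a test tree.
# Prints one line per disk; returns 1 if any disk node can be opened.
audit_block_exposure() {
    local sys_block="${1:-/sys/block}" dev_dir="${2:-/dev}"
    local entry name sectors model ids attr node rc=0
    for entry in "$sys_block"/*; do
        [ -d "$entry" ] || continue
        name=${entry##*/}
        # "size" is counted in 512-byte sectors.
        sectors=$(cat "$entry/size" 2>/dev/null) || sectors='?'
        model=$(cat "$entry/device/model" 2>/dev/null) || model='-'
        # Record which identifying attributes (serial, WWID) are readable.
        ids=''
        for attr in device/serial device/wwid wwid; do
            if [ -r "$entry/$attr" ]; then
                ids="$ids${ids:+,}$attr"
            fi
        done
        # Visibility in sysfs is metadata only; data access needs a node
        # in /dev that can be opened. Open read-only, read nothing.
        if [ ! -e "$dev_dir/$name" ]; then
            node='absent'
        elif ( : < "$dev_dir/$name" ) 2>/dev/null; then
            node='openable'
            rc=1
        else
            node='denied'
        fi
        printf '%s sectors=%s model="%s" ids=%s node=%s\n' \
            "$name" "$sectors" "$model" "${ids:-none}" "$node"
    done
    return "$rc"
}
```

A line ending in `node=absent` or `node=denied` means the container can read the disk's metadata but not its contents; `node=openable` means the block device itself is reachable from the container.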