[LXC] PVE device mount via extreme tmpfs trickery

galeksandrp

Mar 15, 2024
GETTING STARTED INFO: You may know [but better not to, you will sleep better] that PVE has `device mount` support in `LXC`

which was made not by the classic `lxc.mount.entry = /from /to none bind,create=dir 0 0` + the well-known `lxc.cgroup2.devices.allow`

but rather, yes, by the well-known `lxc.cgroup2.devices.allow` AND
01. `/var/lib/lxc/<LXC_ID>/passthrough/`, a visibly empty directory
02. `PVE::LXC::device_passthrough_hotplug($vmid, $conf, $dev)` github.com/proxmox/pve-container/blob/master/src/PVE/LXC.pm#L2344
03. some tmpfs trickery
04. the `move_mount` syscall

I do not understand how `PVE::LXC::device_passthrough_hotplug` works at all. Could anyone please tell me?

WHY: I am thinking about passing through dynamically created /dev/<subsystem>XXX to `LXC` for various reasons.

Seems that I am doomed to the same trickery as above.

HOPE: There is hope for me because I will be fine with a `privileged LXC`.

So if anyone knows how to pass through a whole subsystem like /dev/zdXXX or /dev/drbdXXX to at least a privileged LXC, I am all ears.
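
For reference, the classic method named in the post (a `lxc.cgroup2.devices.allow` rule plus a bind `lxc.mount.entry`) can be generated per device node as below. This is an added example, not part of the original post and not PVE's passthrough mechanism; the function names are hypothetical and the major/minor numbers in the demo call are constructed sample values.

```shell
#!/bin/sh
# Emit classic LXC config lines for one device node (added example).
# Args: type (b|c), major, minor (number or '*'), host path, access (subset of rwm).
lxc_dev_lines() {
    dtype=$1 major=$2 minor=$3 path=$4 access=${5:-rw}
    case $dtype in b|c) ;; *) echo "type must be b or c" >&2; return 1 ;; esac
    case $major in ''|*[!0-9]*) echo "bad major: $major" >&2; return 1 ;; esac
    # A '*' minor allows EVERY device of that major, including nodes that
    # belong to the host or to other guests; prefer an explicit minor.
    case $minor in '*') ;; ''|*[!0-9]*) echo "bad minor: $minor" >&2; return 1 ;; esac
    # 'm' additionally permits mknod inside the container; default is rw only.
    case $access in ''|*[!rwm]*) echo "bad access: $access" >&2; return 1 ;; esac
    case $path in *..*) echo "bad path: $path" >&2; return 1 ;; /dev/*) ;;
        *) echo "path must be under /dev" >&2; return 1 ;; esac
    printf 'lxc.cgroup2.devices.allow = %s %s:%s %s\n' \
        "$dtype" "$major" "$minor" "$access"
    # The mount target is relative to the container rootfs: no leading slash.
    printf 'lxc.mount.entry = %s %s none bind,create=file 0 0\n' \
        "$path" "${path#/}"
}

# Same, but read type/major/minor from a real node on the host.
# GNU stat prints major (%t) and minor (%T) in hex.
lxc_dev_lines_for() {
    node=$1 acc=${2:-rw}
    if [ -b "$node" ]; then t=b
    elif [ -c "$node" ]; then t=c
    else echo "$node is not a device node" >&2; return 1
    fi
    set -- $(stat -c '%t %T' "$node")
    lxc_dev_lines "$t" "$((0x$1))" "$((0x$2))" "$node" "$acc"
}

# Demo with constructed values (read the real major from /proc/devices).
lxc_dev_lines b 230 16 /dev/zd16 rw
```

A bind entry only covers nodes that exist when the container starts, so nodes created later still need a separate mechanism.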
 