LXC unprivileged container mapping for gpu passtrough

[Crabe919]

I'm trying g to map the following pieces for pcie coral passtrough from the pve host to the lxc container:

Pve host:
Video = 44 Render = 104 apex = 1000

Lxc:
Video =44 Render =108 apex = 1000

In the host : etc/subgid i've added :
root:100000:65536 root:44:1 root:104:1 root:1000:1

In the host and lxc : etc/subuid i've added :
root:100000:65535

This is my Lxc conf file:
lxc.cgroup2.devices.allow: c 226:* rwm lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file,mode=0666 lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file lxc.mount.entry: /dev/apex_0 dev/apex_0 none bind,optional,create=file lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 44 lxc.idmap: g 44 44 1 lxc.idmap: g 45 100045 63 lxc.idmap: g 108 104 1 lxc.idmap: g 109 100109 891 lxc.idmap: g 1000 1000 1 lxc.idmap: g 1001 101001 64535

this is the error i receive:
lxc_map_ids: 3701 newgidmap failed to write mapping "newgidmap: gid range [108-109) -> [104-105) not allowed": newgidmap 19090 0 100000 44 44 44 1 45 100045 63 108 104 1 109 100109 891 1000 1000 1 1001 101001 64535 lxc_spawn: 1788 Failed to set up id mapping. __lxc_start: 2107 Failed to spawn container "106" TASK ERROR: startup for container '106' failed


If i only try the following config, the lxc starts and shows nobody video 226 0:
lxc.cgroup2.devices.allow: c 226:* rwm lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file,mode=0666 lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file lxc.mount.entry: /dev/apex_0 dev/apex_0 none bind,optional,create=file lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 44 lxc.idmap: g 44 44 1 lxc.idmap: g 45 100045 63



if i change and try to swap the 108 - 104 -> container does not start
lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 108 lxc.idmap: g 108 104 1 lxc.idmap: g 109 100109 65427

if i change and try to swap the 1000 - 1000 -> container does not start
lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 108 lxc.idmap: g 1000 1000 1 lxc.idmap: g 1001 101001 64535

I'm at it for a couple of days, ready to pull my hair out.
Read and deciphered as much as i can, but it' won't work.
Why is this so difficult? Anybody has some other tips things i need to check?

Thanks in advance!

 

[fschauer]

lxc.idmap: g 108 104 1

It looks to me that you switched the idmap of 108 and 104 around.

 

[Crabe919]

Thanks, but if i’m correct the first number is the container, the second one should be the host.

I’ve already tried it the other way but still the same issue.

 

[fschauer]

You are right, my bad.

I noticed something else though:

In the host : etc/subgid i've added :
root:100000:65536 root:44:1 root:104:1 root:1000:1

You are allowing root to map gid 1000 instead of gid 100

lxc.idmap: g 1000 1000 1

And you are mapping host gid 1000 instead of 100

 

[Crabe919]

Made a typo in my opening post, should be 1000. Apex_0 for the coral pci is on 1000.

Thanks for looking at it!