Nvidia install for LXC

S

smartkid808

New Member
Feb 12, 2026
8
1
1
Hey guys, so I am kind of new to linux in general. I am trying to get my nvidia 3060ti installed so I can pass it thru to couple LXCs.
Is there any good guides on what specifically to do. I tried some but didn't work. I think i removed everything I tried to do. So trying to start over. Or is there a helper script I can use? I tried looking and didn't see any. Thanks in advance for any help you can give me.

ProxMox V. 9.1.5.
GFX: RTX 306TI
 
  • Like
Reactions: Brethsteallar
ok, so I was trying to use ChatGPT earlier, and it was confusing me, so I tried co-pilot, and it gave me something simpler. I will see if this works..

1. Update Proxmox and reboot​

apt update
apt full-upgrade -y
reboot


2. Install kernel headers and build tools​

apt install -y pve-headers-$(uname -r) build-essential dkms


3. Blacklist​

cat << 'EOF' > /etc/modprobe.d/blacklist-nouveau.conf
blacklist nouveau
options nouveau modeset=0
EOF

update-initramfs -u
reboot


4. Download the current NVIDIA driver​

cd /root
wget https://us.download.nvidia.com/XFree86/Linux-x86_64/580.126.09/NVIDIA-Linux-x86_64-580.126.09.run
chmod +x NVIDIA-Linux-x86_64-580.126.09.run



5. Stop Proxmox services and any display stack​

systemctl stop pveproxy pvedaemon pvestatd pve-cluster
systemctl stop display-manager 2>/dev/null || true
systemctl stop getty@tty1.service 2>/dev/null || true

If you’re on the physical console, switch to a TTY (e.g. Ctrl+Alt+F2) and log in.


6. Run the NVIDIA installer with DKMS​

From /root:
./NVIDIA-Linux-x86_64-580.126.09.run

When prompted:

  • Kernel module: Yes to register with DKMS
  • 32‑bit compatibility: No (unless you know you need it)
  • Update xorg.conf: doesn’t really matter on a headless Proxmox host—Yes is fine
  • Signed kernel modules: accept defaults unless you’re doing Secure Boot stuff
Let it finish without errors.


7. Reboot and verify​

bash

<span>reboot<br></span>
After it comes back:


8. About future updates​

Because we:

  • Installed DKMS
  • Installed pve-headers-$(uname -r)
  • Enabled DKMS in the installer
…every time Proxmox updates the kernel, the NVIDIA module will rebuild automatically.Your job after updates is just:

apt update
apt full-upgrade -y
reboot
nvidia-smi


If you want next, we can wire this into GPU passthrough for a specific VM or LXC GPU access and tune it for what you’re actually trying to run on that 3060 Ti.
 
L

[TUTORIAL] Thread 'Jellyfin LXC with Nvidia GPU transcoding and network storage'

Hola. I struggled through this one recently and figured I'd share.

The Overview:

We're looking for an unprivileged LXC to serve as a Jellyfin server. We want to use an Nvidia GPU (in this case a GTX 1070Ti) that is also used by other LXCs for other services. The sharing of the GPU is why we are not considering using VMs. Additionally, this setup uses an NFS share for the video library, which has a couple other requirements.


Phase one: Installing Jellyfin
  1. We'll start by creating a Jellyfin LXC using one of the TTECK scripts available here...
  • Like

that should get you the rest of the way, and applies to other containers as well.
 
Impact said:
The docs are a bit convoluted but I recommend the NVIDIA Container Toolkit way described here.
Click to expand...
So I think did everything right, but I get this when trying to start the container. I can paste the full config here. I tried as privileged and unprivileged. I did not run the driver install, as I already did that, but did install the toolkit on the host. Should I go ahead and run the .run scripts?

Code: 
root@vhs01:/etc/pve/lxc# pct reboot 914
run_buffer: 571 Script exited with status 1
lxc_setup: 3935 Failed to run mount hooks
do_start: 1274 Failed to setup container "914"
sync_wait: 34 An error occurred in another process (expected sequence number 4)
__lxc_start: 2126 Failed to spawn container "914"
startup for container '914' failed
root@vhs01:/etc/pve/lxc#
 
Share pct start 914 --debug and pct config 914. With the NVIDIA hook method you do not need lxc.mount* or dev* which I'm guessing you use.
 
Last edited:
@Impact, thanks for the quick response. Here you go..

Code: 
root@vhs01:/etc/pve/lxc# pct start 914 --debug
run_buffer: 571 Script exited with status 1
lxc_setup: 3935 Failed to run mount hooks
do_start: 1274 Failed to setup container "914"
sync_wait: 34 An error occurred in another process (expected sequence number 4)
__lxc_start: 2126 Failed to spawn container "914"
'[ ! -f /dev/nvidia0 ] && /usr/bin/nvidia-modprobe -c0 -u'" for container "914", config section "lxc"
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:unpriv_systemd_create_scope:1508 - Running privileged, not using a systemd unit
DEBUG    seccomp - ../src/lxc/seccomp.c:parse_config_v2:664 - Host native arch is [3221225534]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "[all]"
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "kexec_load errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "open_by_handle_at errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[304:open_by_handle_at] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "init_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "finit_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "delete_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:1036 - Merging compat seccomp contexts into main context
INFO     start - ../src/lxc/start.c:lxc_init:882 - Container "914" is initialized
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1679 - The monitor process uses "lxc.monitor/914" as cgroup
DEBUG    storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1787 - The container process uses "lxc/914/ns" as inner and "lxc/914" as limit cgroup
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWNS
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWPID
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWUTS
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWIPC
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWNET
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWCGROUP
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved mnt namespace via fd 18 and stashed path as mnt:/proc/9696/fd/18
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved pid namespace via fd 19 and stashed path as pid:/proc/9696/fd/19
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved uts namespace via fd 20 and stashed path as uts:/proc/9696/fd/20
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved ipc namespace via fd 21 and stashed path as ipc:/proc/9696/fd/21
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved net namespace via fd 22 and stashed path as net:/proc/9696/fd/22
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved cgroup namespace via fd 23 and stashed path as cgroup:/proc/9696/fd/23
WARN     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits_legacy:3442 - Invalid argument - Ignoring legacy cgroup limits on pure cgroup2 system
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits:3538 - Limits for the unified cgroup hierarchy have been setup
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "914", config section "net"
DEBUG    network - ../src/lxc/network.c:netdev_configure_server_veth:879 - Instantiated veth tunnel "veth914i0 <--> vethFeY9RE"
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_rootfs:1223 - Mounted rootfs "/var/lib/lxc/914/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
INFO     conf - ../src/lxc/conf.c:setup_utsname:671 - Set hostname to "unmanic"
DEBUG    network - ../src/lxc/network.c:setup_hw_addr:3866 - Mac address "BC:24:11:25:54:25" on "eth0" has been setup
DEBUG    network - ../src/lxc/network.c:lxc_network_setup_in_child_namespaces_common:4007 - Network device "eth0" has been setup
INFO     network - ../src/lxc/network.c:lxc_setup_network_in_child_namespaces:4064 - Finished setting up network devices with caller assigned names
INFO     conf - ../src/lxc/conf.c:mount_autodev:1006 - Preparing "/dev"
INFO     conf - ../src/lxc/conf.c:mount_autodev:1067 - Prepared "/dev"
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:531 - Invalid argument - Tried to ensure procfs is unmounted
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:554 - Invalid argument - Tried to ensure sysfs is unmounted
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2208 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2227 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2271 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2271 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2271 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
DEBUG    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroupfs_mount:2197 - Mounted cgroup filesystem cgroup2 onto 20((null))
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "914", config section "lxc"
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxc/hooks/nvidia" for container "914", config section "lxc"
DEBUG    utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /usr/share/lxc/hooks/nvidia 914 lxc mount produced output: FIXME: This hook currently only works in unprivileged mode.

ERROR    utils - ../src/lxc/utils.c:run_buffer:571 - Script exited with status 1
ERROR    conf - ../src/lxc/conf.c:lxc_setup:3935 - Failed to run mount hooks
ERROR    start - ../src/lxc/start.c:do_start:1274 - Failed to setup container "914"
ERROR    sync - ../src/lxc/sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 4)
DEBUG    network - ../src/lxc/network.c:lxc_delete_network:4221 - Deleted network devices
ERROR    start - ../src/lxc/start.c:__lxc_start:2126 - Failed to spawn container "914"
WARN     start - ../src/lxc/start.c:lxc_abort:1037 - No such process - Failed to send SIGKILL via pidfd 17 for process 9726
startup for container '914' failed



Code: 
arch: amd64
cores: 8
features: keyctl=1,nesting=1
hostname: unmanic
memory: 8192
mp0: /mnt/videos,mp=library/movies,replicate=0,shared=1
mp1: /mnt/videos,mp=library/tv,replicate=0,shared=1
mp2: /mnt/videos/tmp/unmanic,mp=tmp/unmanic,replicate=0,shared=1
net0: name=eth0,bridge=vmbr0,gw=10.0.60.1,hwaddr=BC:24:11:25:54:25,ip=10.0.60.114/24,ip6=auto,tag=60,type=veth
onboot: 1
ostype: debian
rootfs: iscsi-flash:vm-914-disk-3,size=250G
swap: 4098
tags: community-script;plex
unprivileged: 0
lxc.hook.pre-start: sh -c '[ ! -f /dev/nvidia0 ] && /usr/bin/nvidia-modprobe -c0 -u'
lxc.environment: NVIDIA_VISIBLE_DEVICES=all
lxc.environment: NVIDIA_DRIVER_CAPABILITIES=all
lxc.hook.mount: /usr/share/lxc/hooks/nvidia
root@vhs01:/etc/pve/lxc#
 
FIXME: This hook currently only works in unprivileged mode.
Click to expand...
You could create a unprivileged CT or does it have to be privileged?
 
Last edited:
below it looks like a permission issue, but not sure how to fix that. Didn't want to try something and make things wrose
:)

Code: 
root@vhs01:/etc/pve/lxc# pct start 914 --debug
run_buffer: 571 Script exited with status 1
lxc_setup: 3935 Failed to run mount hooks
do_start: 1274 Failed to setup container "914"
sync_wait: 34 An error occurred in another process (expected sequence number 4)
__lxc_start: 2126 Failed to spawn container "914"
art 914 20260214005102.829 INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "914", config section "lxc"
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "sh -c '[ ! -f /dev/nvidia0 ] && /usr/bin/nvidia-modprobe -c0 -u'" for container "914", config section "lxc"
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:unpriv_systemd_create_scope:1508 - Running privileged, not using a systemd unit
DEBUG    seccomp - ../src/lxc/seccomp.c:parse_config_v2:664 - Host native arch is [3221225534]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "[all]"
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "kexec_load errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "open_by_handle_at errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[304:open_by_handle_at] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "init_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "finit_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "delete_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "ioctl errno 1 [1,0x9400,SCMP_CMP_MASKED_EQ,0xff00]"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:555 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[16:ioctl] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:555 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[16:ioctl] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:555 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[16:ioctl] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:1036 - Merging compat seccomp contexts into main context
INFO     start - ../src/lxc/start.c:lxc_init:882 - Container "914" is initialized
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1679 - The monitor process uses "lxc.monitor/914" as cgroup
DEBUG    storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
DEBUG    storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1787 - The container process uses "lxc/914/ns" as inner and "lxc/914" as limit cgroup
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWUSER
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWNS
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWPID
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWUTS
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWIPC
INFO     start - ../src/lxc/start.c:lxc_spawn:1781 - Cloned CLONE_NEWCGROUP
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved user namespace via fd 17 and stashed path as user:/proc/28034/fd/17
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved mnt namespace via fd 18 and stashed path as mnt:/proc/28034/fd/18
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved pid namespace via fd 19 and stashed path as pid:/proc/28034/fd/19
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved uts namespace via fd 20 and stashed path as uts:/proc/28034/fd/20
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved ipc namespace via fd 21 and stashed path as ipc:/proc/28034/fd/21
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved cgroup namespace via fd 22 and stashed path as cgroup:/proc/28034/fd/22
DEBUG    idmap_utils - ../src/lxc/idmap_utils.c:idmaptool_on_path_and_privileged:93 - The binary "/usr/bin/newuidmap" does have the setuid bit set
DEBUG    idmap_utils - ../src/lxc/idmap_utils.c:idmaptool_on_path_and_privileged:93 - The binary "/usr/bin/newgidmap" does have the setuid bit set
DEBUG    idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:178 - Functional newuidmap and newgidmap binary found
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits:3538 - Limits for the unified cgroup hierarchy have been setup
DEBUG    idmap_utils - ../src/lxc/idmap_utils.c:idmaptool_on_path_and_privileged:93 - The binary "/usr/bin/newuidmap" does have the setuid bit set
DEBUG    idmap_utils - ../src/lxc/idmap_utils.c:idmaptool_on_path_and_privileged:93 - The binary "/usr/bin/newgidmap" does have the setuid bit set
INFO     idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:176 - Caller maps host root. Writing mapping directly
NOTICE   utils - ../src/lxc/utils.c:lxc_drop_groups:1481 - Dropped supplimentary groups
INFO     start - ../src/lxc/start.c:do_start:1105 - Unshared CLONE_NEWNET
NOTICE   utils - ../src/lxc/utils.c:lxc_drop_groups:1481 - Dropped supplimentary groups
NOTICE   utils - ../src/lxc/utils.c:lxc_switch_uid_gid:1457 - Switched to gid 0
NOTICE   utils - ../src/lxc/utils.c:lxc_switch_uid_gid:1466 - Switched to uid 0
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved net namespace via fd 5 and stashed path as net:/proc/28034/fd/5
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "914", config section "net"
DEBUG    network - ../src/lxc/network.c:netdev_configure_server_veth:879 - Instantiated veth tunnel "veth914i0 <--> vethLNIFBI"
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_rootfs:1223 - Mounted rootfs "/var/lib/lxc/914/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
INFO     conf - ../src/lxc/conf.c:setup_utsname:671 - Set hostname to "unmanic"
DEBUG    network - ../src/lxc/network.c:setup_hw_addr:3866 - Mac address "BC:24:11:25:54:25" on "eth0" has been setup
DEBUG    network - ../src/lxc/network.c:lxc_network_setup_in_child_namespaces_common:4007 - Network device "eth0" has been setup
INFO     network - ../src/lxc/network.c:lxc_setup_network_in_child_namespaces:4064 - Finished setting up network devices with caller assigned names
INFO     conf - ../src/lxc/conf.c:mount_autodev:1006 - Preparing "/dev"
INFO     conf - ../src/lxc/conf.c:mount_autodev:1067 - Prepared "/dev"
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:531 - Invalid argument - Tried to ensure procfs is unmounted
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:554 - Invalid argument - Tried to ensure sysfs is unmounted
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2208 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2227 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2271 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2271 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2271 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
DEBUG    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroupfs_mount:2197 - Mounted cgroup filesystem cgroup2 onto 19((null))
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "914", config section "lxc"
INFO     utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxc/hooks/nvidia" for container "914", config section "lxc"
DEBUG    utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /usr/share/lxc/hooks/nvidia 914 lxc mount produced output: mkdir: cannot create directory ‘/var/lib/lxc/914/hook’: Permission denied

DEBUG    utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /usr/share/lxc/hooks/nvidia 914 lxc mount produced output: + exec nvidia-container-cli --user configure --no-cgroups --ldconfig=@/usr/sbin/ldconfig --device=all --compute --compat32 --display --graphics --utility --video /usr/lib/x86_64-linux-gnu/lxc/rootfs

DEBUG    utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /usr/share/lxc/hooks/nvidia 914 lxc mount produced output: nvidia-container-cli: mount error: file creation failed: /usr/lib/x86_64-linux-gnu/lxc/rootfs/run/nvidia-persistenced/socket: permission denied

ERROR    utils - ../src/lxc/utils.c:run_buffer:571 - Script exited with status 1
ERROR    conf - ../src/lxc/conf.c:lxc_setup:3935 - Failed to run mount hooks
ERROR    start - ../src/lxc/start.c:do_start:1274 - Failed to setup container "914"
ERROR    sync - ../src/lxc/sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 4)
DEBUG    network - ../src/lxc/network.c:lxc_delete_network:4221 - Deleted network devices
ERROR    start - ../src/lxc/start.c:__lxc_start:2126 - Failed to spawn container "914"
WARN     start - ../src/lxc/start.c:lxc_abort:1037 - No such process - Failed to send SIGKILL via pidfd 16 for process 28065
startup for container '914' failed
root@vhs01:/etc/pve/lxc#



Code: 
arch: amd64
cores: 8
features: keyctl=1,nesting=1
hostname: unmanic
memory: 8192
mp0: /mnt/videos,mp=library/movies,replicate=0,shared=1
mp1: /mnt/videos,mp=library/tv,replicate=0,shared=1
mp2: /mnt/videos/tmp/unmanic,mp=tmp/unmanic,replicate=0,shared=1
net0: name=eth0,bridge=vmbr0,gw=10.0.60.1,hwaddr=BC:24:11:25:54:25,ip=10.0.60.114/24,ip6=auto,tag=60,type=veth
onboot: 1
ostype: debian
rootfs: iscsi-flash:vm-914-disk-3,size=250G
swap: 4098
tags: community-script;plex
unprivileged: 1
lxc.hook.pre-start: sh -c '[ ! -f /dev/nvidia0 ] && /usr/bin/nvidia-modprobe -c0 -u'
lxc.environment: NVIDIA_VISIBLE_DEVICES=all
lxc.environment: NVIDIA_DRIVER_CAPABILITIES=all
lxc.hook.mount: /usr/share/lxc/hooks/nvidia
root@vhs01:/etc/pve/lxc#
 
Hmm. Not sure. Did you create a completely fresh CT to test this with or just modify the unprivileged line? Try with a completely new CT.
It's also possible that the recent pve-container issue is affecting you here. apt install pve-container=6.0.18 might help in this case.
 
So it looks like it worked with a fresh bare Ubuntu CT. So this worked best if its a fresh CT, and not an existing one?
I also tried the apt install, and that doesn't seemed to help, but did not reboot the host yet. Will reboot after I get home just to make sure its a clean boot. Wasn't even aware their was an issue.
 
Well considering that the script requires an existing CT I'd say it does. I'm not really a fan of manually editing the config file but I consider this the best method for NVIDIA cards and there doesn't seem to be CLI support for adding lxc. specific options.
 
Last edited:
smartkid808 said:
Hey guys, so I am kind of new to linux in general. I am trying to get my nvidia 3060ti installed so I can pass it thru to couple LXCs.
Is there any good guides on what specifically to do. I tried some but didn't work. I think i removed everything I tried to do. So trying to start over. Or is there a helper script I can use? I tried looking and didn't see any. Thanks in advance for any help you can give me.

ProxMox V. 9.1.5.
GFX: RTX 306TI
Click to expand...
Permission problem, not GPU.

You cannot safely convert an existing CT to unprivileged. Create a fresh unprivileged container.

Most likely cause is your bind mounts. Fix ownership on the host:

```
chown -R 100000:100000 /mnt/videos
```

If it starts after removing mounts, that was the issue.

Avoid the NVIDIA `.run` installer. Use:

```
apt install nvidia-driver nvidia-container-toolkit
```

Also verify `/dev/nvidia0` exists on the host.
 
You must log in or register to reply here.
Top Bottom
Back