privileged LXC container device passthrough configured well?

kitsab

Sep 25, 2019
Hello,

First of all, my system is working as desired, but I'm not sure if I did it correctly in terms of safety.

I use a TV card in a privileged LXC container to deploy a hard disk recorder using the Linux-based project vdr (tvdr).

/etc/pve/lxc/101.conf contains the following two lines at the end to grant access to the tv card.
lxc.cgroup.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir

After this I was able to access the TV card as the root user.

To give access to the user running the vdr service (username vdr), I created a user on the Proxmox server called "vdr" with the same gid and uid as in the LXC container. I added this user to the group root and I did chown -R vdr:root /dev/dvb/adapter0 and chown -R vdr:root /dev/dvb/adapter0 on the Proxmox server.
Since then I'm also able to access the TV card with the user running the vdr service inside the LXC container.

Is this okay or a bad solution?

Thanks for advice

Best regards

Kitsab
 
Last edited:
hi,

Better would be an unprivileged container. Bind mounts will still work; you just need to change the uid/gid of the device.

otherwise looks okay to me
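
The uid/gid change mentioned in the reply, as an added example that is not part of either post: in an unprivileged container the device on the host has to be owned by the host id that the container's vdr user maps to, rather than by a host user placed in the root group. It assumes Proxmox's default id mapping when the config has no lxc.idmap lines; `map_id`, `audit_nodes` and the uid/gid 1000 for vdr are hypothetical names and values introduced here.

```shell
#!/bin/sh
# Added example (not from the thread): map container ids to host ids for an
# unprivileged container and audit the ownership of bind-mounted device nodes.
# Assumption: with no lxc.idmap lines, Proxmox's default mapping applies
# (container ids 0-65535 appear on the host as 100000-165535).

# map_id KIND ID CONFIG: KIND is u or g; prints the host id, returns 1 if unmapped.
map_id() {
    awk -v kind="$1" -v id="$2" '
        /^[ \t]*lxc\.idmap[ \t]*[:=]/ {
            sub(/^[ \t]*lxc\.idmap[ \t]*[:=][ \t]*/, "")
            seen = 1
            if ($1 == kind && id + 0 >= $2 + 0 && id + 0 < $2 + $4) {
                print $3 + (id - $2); found = 1; exit
            }
        }
        END {
            if (found) exit 0
            if (!seen && id + 0 < 65536) { print 100000 + id; exit 0 }
            exit 1
        }' "$3"
}

# audit_nodes DIR HOST_UID HOST_GID: prints nodes owned by neither id
# (container user locked out) or with any permission bit set for "other"
# (every host user can open them); returns 1 if anything was printed.
audit_nodes() {
    find "$1" ! -type d -exec stat -c '%u %g %a %n' {} + |
    awk -v u="$2" -v g="$3" '
        $1 != u && $2 != g         { print "wrong-owner", $4; bad = 1 }
        substr($3, length($3)) + 0 { print "world-access", $4; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample config: the page's two device lines plus unprivileged: 1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
unprivileged: 1
lxc.cgroup.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir
EOF
# 1000 is a hypothetical uid/gid for the vdr user inside the container.
echo "host owner for vdr: $(map_id u 1000 "$sample"):$(map_id g 1000 "$sample")"
rm -f "$sample"
```

Ownership set with chown on /dev nodes does not survive a reboot or a device re-plug, so the mapped ids are normally applied through a udev rule on the host.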