privileged LXC container device passthrough configured well?

kitsab

Sep 25, 2019
Hello,

First of all, my system is working as desired, but I'm not sure if I did it correctly in terms of safety.

I use a TV card in a privileged LXC container to deploy a hard disk recorder using the Linux-based project vdr (tvdr).

/etc/pve/lxc/101.conf contains the following two lines at the end to grant access to the TV card:
lxc.cgroup.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir

After this, I was able to access the TV card as the root user.

To give access to the user running the vdr service (username vdr), I created a user on the Proxmox server called "vdr" with the same gid and uid as in the LXC container. I added this user to the group root and I did chown -R vdr:root /dev/dvb/adapter0 and chown -R vdr:root /dev/dvb/adapter0 on the Proxmox server.
Since then, I'm also able to access the TV card with the user running the vdr service inside the LXC container.

Is this okay or a bad solution?

Thanks for any advice

Best regards

Kitsab
 
Last edited:
Hi,

It would be better in an unprivileged container. Bind mounts will still work; you just need to change the uid/gid of the device.

Otherwise it looks okay to me.
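
A small audit of the passthrough lines discussed in this thread, as an added example that is not part of the original posts: it parses the device rules from a container config, reports whether the container is privileged, and computes the host uid/gid the device nodes would need for the service user. The `unprivileged: 1` line, the 100000 id offset (Proxmox's default mapping for unprivileged containers) and uid/gid 1000 for vdr are assumptions; the sample configs are constructed from the two lines in the question.

```python
import re

# Constructed sample: the two passthrough lines from the post plus filler keys.
SAMPLE_PRIVILEGED = """\
arch: amd64
hostname: vdr
lxc.cgroup.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir
"""
# Same config with the flag assumed to mark an unprivileged container.
SAMPLE_UNPRIVILEGED = SAMPLE_PRIVILEGED + "unprivileged: 1\n"

ID_OFFSET = 100000  # assumption: default idmap, container id 0 -> host id 100000
RULE = re.compile(
    r"^lxc\.cgroup2?\.devices\.allow:\s*([abc])\s+(\d+|\*):(\d+|\*)\s+([rwm]+)\s*$"
)

def audit(conf_text, service_uid, service_gid):
    """Return (findings, (host_uid, host_gid)) for one container config."""
    lines = [line.strip() for line in conf_text.splitlines()]
    unprivileged = any(re.fullmatch(r"unprivileged:\s*1", line) for line in lines)
    findings = []
    if not unprivileged:
        findings.append("container is privileged: container root is host root")
    for line in lines:
        m = RULE.match(line)
        if not m:
            continue
        dtype, major, minor, access = m.groups()
        if dtype == "a" or major == "*":
            findings.append(f"rule allows every device: {line}")
        if "m" in access:
            findings.append(
                f"mknod allowed for {dtype} {major}:{minor}; "
                "'rw' is enough to use bind-mounted nodes"
            )
    # Owner to set on the host's /dev/dvb nodes so the in-container
    # service user can open them (shifted only when ids are mapped).
    offset = ID_OFFSET if unprivileged else 0
    return findings, (service_uid + offset, service_gid + offset)

if __name__ == "__main__":
    for name, conf in (("privileged", SAMPLE_PRIVILEGED),
                       ("unprivileged", SAMPLE_UNPRIVILEGED)):
        findings, owner = audit(conf, 1000, 1000)  # 1000 is a constructed uid/gid
        print(name, "-> chown target on host:", owner)
        for finding in findings:
            print("  *", finding)
```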