PVE7: HDD Passthrough in CT funktioniert nicht

DoXer

New Member
Oct 11, 2021
3
0
1
56
Hallo,

ich habe vor kurzen ein PVE 7 aufgesetzt. Dort habe ich einen Debian Bullseye Container eingerichtet, welches mein NAS werden soll. Dazu möchte ich meine HDD /dev/sda (8:0) durchreichen, welche zur Zeit mit BTRFS auf /dev/sda1 (8:1) formatiert ist. Das klappt aber leider nicht, ich habe schon einige Anleitungen probiert.

Grundsätzlich habe ich mich hieran orientiert.

Testweise habe ich AppArmor disabled, hat auch nicht geholfen.

/etc/pve/lxc/106.conf
Code:
arch: amd64
cores: 1
features: nesting=1
hostname: nastest
memory: 512
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=FA:88:EF:E4:D7:D9,ip=dhcp,type=veth
onboot: 0
ostype: debian
rootfs: local-lvm:vm-106-disk-0,size=4G
swap: 512
unprivileged: 1
lxc.apparmor.profile: lxc-container-default-with-mounting
lxc.cgroup.devices.allow: b 8:0 rwm
lxc.cgroup.devices.allow: b 8:1 rwm

/etc/apparmor.d/lxc/lxc-default-with-mounting
Code:
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/lxc/container-base>
# allow standard blockdevtypes.
# The concern here is in-kernel superblock parsers bringing down the
# host with bad data.  However, we continue to disallow proc, sys, securityfs,
# etc to nonstandard locations.
mount options=(rw, bind),
mount fstype=ext*,
mount fstype=xfs,
mount fstype=btrfs,
}


Ein

lxc-device add -n 106 /dev/sda
liefert leider
Code:
lxc-device: 106: lxccontainer.c: do_add_remove_node: 4609 Value too large for defined data type - Failed to create device node at
"/dev/sda"
lxc-device: 106: lxccontainer.c: do_add_remove_node: 4559 Failed to create device node
lxc-device: 106: tools/lxc_device.c: main: 153 Failed to add /dev/sda to 106


Ein

mknod -m 666 /dev/sda b 8 0

im Container liefert leider

Code:
mknod: /dev/sda: Operation not permitted


Zusätzlich dauert es recht lange bis nach dem Login die Shell kommt. Im Journal finde ich noch dies:

Code:
Oct 11 20:58:29 pve audit[14744]: AVC apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-with-mounting" name="/" pid=14744 comm="(d-logind)" flags="rw, rslave"
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!