Hi everybody, I have a question about the following setup. I have recently setup a proxmox 8.0.3 environment on a Dell Wyse 5070 as a host system.
I then created an LXC container to use for squeezelite to play audio over a PCM2704 USB DAC based on the debian-12-standard_12.2-1_amd64 and after installed squeezelite.
The config for the container looks like this:
Two things I could not get to work are a custom udev rule to always assign the same symlink and permission to the USB DAC and the lxc.idmap. Once I try to do the group mapping my container fails to start. However after setting the permissions on the host to the root and audio group of the guest by
The whole setup works (USB DAC and even HMDI audio to my suprise).
Now the question: does this approach (of setting the permissions in /dev/snd) have any negative security implications?
I then created an LXC container to use for squeezelite to play audio over a PCM2704 USB DAC based on the debian-12-standard_12.2-1_amd64 and after installed squeezelite.
The config for the container looks like this:
Code:
arch: amd64
cores: 2
features: nesting=1
hostname: sbs
memory: 512
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.0.1,hwaddr=0E:AB:4E:2E:86:74,ip=192.168.0.14/24,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-103-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 116:* rwm
lxc.mount.entry: /dev/snd dev/snd none bind,create=dir 0 0Two things I could not get to work are a custom udev rule to always assign the same symlink and permission to the USB DAC and the lxc.idmap. Once I try to do the group mapping my container fails to start. However after setting the permissions on the host to the root and audio group of the guest by
Code:
chown -R 100000:100029 /dev/snd/*The whole setup works (USB DAC and even HMDI audio to my suprise).
Now the question: does this approach (of setting the permissions in /dev/snd) have any negative security implications?
