XFCE desktop in LXC container in proxmox 8.1.10 using integrated GPU

[johlon101]

I would like to get a XFCE desktop running inside a privileged container to display to the monitor of the host system
I have followed this tutorial here: https://discuss.linuxcontainers.org/t/xserver-inside-lxc-container/5022/4

The only success I have had so far is getting the lightdm greeter to display on the monitor, but once I use it to log in the desktop doesn't appear, and I am left with nothing but a mouse on a desktop background.

I have an AMD ryzen7 5700u cpu.

My container config file looks like the following:

arch: amd64
cores: 8
features: nesting=1
hostname: homelab-debian-ct
memory: 8192
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:30:C1:CD,type=veth
ostype: debian
rootfs: local-lvm:vm-102-disk-1,size=50G
swap: 8192
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.cgroup2.devices.allow: c 4:7 rwm
lxc.cgroup2.devices.allow: c 29:* rwm
lxc.cgroup2.devices.allow: c 13:* rwm
lxc.cgroup2.devices.allow: c 116:* rwm
lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.mount.entry: /dev/tty7 dev/tty7 none bind,optional,create=file
lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file
lxc.mount.entry: /dev/input dev/input none bind,optional,create=dir
lxc.mount.entry: /dev/snd dev/snd none bind,optional,create=dir

When I start the xserver using "sudo xinit" in the container, it gives me the two following error messages:

xf86EnableIO: failed to enable I/O ports 0000-03ff (Operation not permitted)
xinit: XFree86_VT property unexpectedly has 0 items instead of 1

I get the following error message inside /var/log/Xorg.0.log
[ 12971.961] (EE) systemd-logind: failed to take device /dev/dri/card0: Operation not permitted

The entire Xorg log is attached.

lspci -vv shows the following (from the container)

06:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Lucienne (rev c1) (prog-if 00 [VGA controller])
        Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] Lucienne
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort+ <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 0, Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 86
        IOMMU group: 17
        Region 0: Memory at ffe0000000 (64-bit, prefetchable) [size=256M]
        Region 2: Memory at fff0000000 (64-bit, prefetchable) [size=2M]
        Region 4: I/O ports at f000 [size=256]
        Region 5: Memory at fc500000 (32-bit, non-prefetchable) [size=512K]
        Capabilities: <access denied>
        Kernel driver in use: amdgpu

From the host it shows a lot more information under "capabilities"

Before I launch xserver in the container, the display is used for the Proxmox prompt.

Is this error caused by a process on the host system using the iGPU? Is there a way to prevent the host system using the display to display the prompt

Is there a better way to get a graphical desktop on the LXC container? Even having specific GUI programs running inside the container that could be displayed on the host's display using something like X11 forwarding would be useful

Thanks

 

[barban]

I did almost the same, but using KDE/Plasma 5.x.
For the error:

xf86EnableIO: failed to enable I/O ports 0000-03ff (Operation not permitted)

let the privileged container run unconfined; i.e. insert this line in container's .conf

lxc.apparmor.profile: unconfined

For the warning:

xinit: XFree86_VT property unexpectedly has 0 items instead of 1

pass throught the tty1 console; i.e. insert these lines in LXC container's .conf

lxc.cgroup2.devices.allow: c 4:0 rwm
lxc.mount.entry: /dev/tty0 dev/tty0 none bind,create=file 0 0

This should be enough.
BR