I’m using lxc on a Debian Bullseye server.
I run all my containers (Debian Bullseye ones too) unprivileged with the lxc-unpriv-start command.
I’m trying to use VDR with a USB DVB TV tuner (RTL2838) inside my lxc container.
So I have to do some USB passthrough.
On the host:
lsusb
returns my USB DVB adapter:
Bus 001 Device 003: ID 0bda:2838 Realtek Semiconductor Corp. RTL2838 DVB-T
ls -l /dev/bus/usb/001
returns:
total 0
crw-rw-r-- 1 root root 189, 0 16 mai 21:25 001
crw-rw-r-- 1 root root 189, 1 16 mai 21:25 002
crw-rw-r-- 1 root root 189, 2 16 mai 21:25 003
ls -l /dev/dv
returns:
ls -l /dev/dvb/adapter0
returns:
total 0
crw-rw----+ 1 root video 212, 0 16 mai 21:25 demux0
crw-rw----+ 1 root video 212, 1 16 mai 21:25 dvr0
crw-rw----+ 1 root video 212, 3 16 mai 21:25 frontend0
crw-rw----+ 1 root video 212, 2 16 mai 21:25 net0
On the host as non root user:
nano /home/mynonrootusername/.local/share/lxc/mycontainername/config
is set this way:
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.apparmor.profile = unconfined
lxc.rootfs.path = dir:/home/mynonrootusername/.local/share/lxc/mycontainername/rootfs
lxc.uts.name = mycontainername
lxc.cgroup2.devices.allow = c 189:* rwm
lxc.mount.entry = /dev/bus/usb/001 dev/bus/usb/001 none bind,optional,create=dir
lxc.cgroup2.devices.allow = c 212:* rwm
lxc.mount.entry = /dev/dvb/adapter0 dev/dvb/adapter0 none bind,optional,create=dir
On the host as root user:
nano /etc/lxc/default.conf
Is set this way:
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
On the host as nonroot user I start my container like this:
lxc-unpriv-start -n mycontainername
lxc-unpriv-attach -n mycontainername
(Please take note of the -unpriv part.)
Inside the container as non root user:
ls -la /dev/bus/usb/001
returns
total 0
drwxr-xr-x 2 nobody nogroup 100 May 16 19:25 .
drwxr-xr-x 3 root root 60 May 16 20:36 ..
crw-rw-r-- 1 nobody nogroup 189, 0 May 16 19:25 001
crw-rw-r-- 1 nobody nogroup 189, 1 May 16 19:25 002
crw-rw-r-- 1 nobody nogroup 189, 2 May 16 19:25 003
and
ls -la /dev/dvb
returns
total 0
drwxr-xr-x 3 root root 60 May 16 20:36 .
drwxr-xr-x 7 root root 540 May 16 20:36 ..
drwxr-xr-x 2 nobody nogroup 120 May 16 19:25 adapter0
and
ls -la /dev/dvb/adapter0
returns
total 0
drwxr-xr-x 2 nobody nogroup 120 May 16 19:25 .
drwxr-xr-x 3 root root 60 May 16 20:36 ..
crw-rw----+ 1 nobody nogroup 212, 0 May 16 19:25 demux0
crw-rw----+ 1 nobody nogroup 212, 1 May 16 19:25 dvr0
crw-rw----+ 1 nobody nogroup 212, 3 May 16 19:25 frontend0
crw-rw----+ 1 nobody nogroup 212, 2 May 16 19:25 net0
but when I launch vdr inside container as non root user:
vdr
I get
vdr: no primary device found - using first device!
What am I missing?
I guess I should do something with the host video group.
So on the host as non root user, I modified as listed:
I modified the file to add the “video” line:
nano /etc/subuid
nano /etc/subgid
I tried to extend the mapping to add the “video” group to the container, but I must have done it wrong:
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.idmap = u 44 165536 1
lxc.idmap = g 44 165536 1
or
lxc.idmap = u 0 100000 44
lxc.idmap = g 0 100000 44
lxc.idmap = u 44 44 1
lxc.idmap = g 44 44 1
lxc.idmap = u 45 100045 65491
lxc.idmap = g 45 100045 65491
are giving an error at container startup:
tools/lxc_start.c: main: 308 The container failed to start
Do you think there is a way to make this work, and could you help me to do so?
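
An added example, not part of the original post: a static check of lxc.idmap sets such as the two attempts above. It flags overlapping ranges, which the kernel rejects in an ID map, and host ranges missing from /etc/subuid or /etc/subgid, which newuidmap/newgidmap require for an unprivileged user. The subid contents are constructed assumptions (the post does not show them), and the check ignores the rule that a user may map their own uid and gid.

```python
from collections import namedtuple
# kind: "u" or "g"; ct: first container ID; host: first host ID; n: range length
Map = namedtuple("Map", "kind ct host n")

def parse_idmaps(config):
    """Collect every lxc.idmap entry from LXC config text."""
    maps = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "lxc.idmap":
            kind, ct, host, n = value.split()
            maps.append(Map(kind, int(ct), int(host), int(n)))
    return maps

def parse_subid(text, user):
    """Return the (start, count) ranges a subuid/subgid file grants to user."""
    fields = (line.strip().split(":") for line in text.splitlines())
    return [(int(f[1]), int(f[2])) for f in fields if len(f) == 3 and f[0] == user]

def overlaps(s1, n1, s2, n2):
    return s1 < s2 + n2 and s2 < s1 + n1

def check(maps, delegated):
    """delegated = {"u": subuid ranges, "g": subgid ranges}; returns problems."""
    problems = []
    for kind in "ug":
        rows = [m for m in maps if m.kind == kind]
        for i, a in enumerate(rows):
            for b in rows[i + 1:]:
                if overlaps(a.ct, a.n, b.ct, b.n):
                    problems.append(f"{kind}: container IDs {a.ct}+{a.n} overlap {b.ct}+{b.n}")
                if overlaps(a.host, a.n, b.host, b.n):
                    problems.append(f"{kind}: host IDs {a.host}+{a.n} overlap {b.host}+{b.n}")
            # Simplification: the host range must fit inside one delegated range.
            if not any(s <= a.host and a.host + a.n <= s + c for s, c in delegated[kind]):
                problems.append(f"{kind}: host IDs {a.host}+{a.n} not in subuid/subgid")
    return problems

# Constructed sample data: assumed subid files plus the post's two idmap attempts.
USER = "mynonrootusername"
DELEGATED = {"u": parse_subid(f"{USER}:100000:65536\n", USER),
             "g": parse_subid(f"{USER}:100000:65536\n{USER}:44:1\n", USER)}
def attempt(ranges):
    return "\n".join(f"lxc.idmap = {k} {r}" for r in ranges for k in "ug")
ATTEMPT_1 = attempt(["0 100000 65536", "44 165536 1"])
ATTEMPT_2 = attempt(["0 100000 44", "44 44 1", "45 100045 65491"])
if __name__ == "__main__":
    for name, cfg in (("attempt 1", ATTEMPT_1), ("attempt 2", ATTEMPT_2)):
        print(name, check(parse_idmaps(cfg), DELEGATED) or "ok")
```

With these assumed subid files, the first set is reported for both kinds (container ID 44 falls inside 0+65536, and host ID 165536 lies just past the delegated block), while the second set is reported only for the uid line that maps host ID 44.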