From: Filip Schauer
To: pve-devel@lists.proxmox.com
Date: Thu, 19 Oct 2023 14:18:56 +0200
Message-Id: <20231019121856.379185-1-f.schauer@proxmox.com>
Subject: [pve-devel] [PATCH RFC container] Add device passthrough

Signed-off-by: Filip Schauer
---
Is it reasonable to add a "dev[n]" argument to the pct.conf, given that device mount points only allow passing through block devices?

 src/PVE/LXC.pm        | 14 ++++++++++++++
 src/PVE/LXC/Config.pm | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index c9b5ba7..6090534 100644 --- a/src/PVE/LXC.pm +++ b/src/PVE/LXC.pm @@ -639,6 +639,20 @@ sub update_lxc_config { $raw .= "lxc.mount.auto = sys:mixed\n"; } + foreach my $k (keys %$conf) { + next if $k !~ m/^dev(\d+)$/; + my $devpath = $conf->{$k}; + die "Device $devpath does not exist\n" unless (-e $devpath); + + my ($mode, $rdev) = (stat($devpath))[2, 6]; + die "Could not find major and minor ids of device $devpath.\n" unless ($mode && $rdev); + + my $major = PVE::Tools::dev_t_major($rdev); + my $minor = PVE::Tools::dev_t_minor($rdev); + $raw .= "lxc.cgroup2.devices.allow = c $major:$minor rw\n"; + $raw .= "lxc.mount.entry = $devpath " . substr($devpath, 1) . " none bind,create=file\n"; + } + # WARNING: DO NOT REMOVE this without making sure that loop device nodes # cannot be exposed to the container with r/w access (cgroup perms). # When this is enabled mounts will still remain in the monitor's namespace diff --git a/src/PVE/LXC/Config.pm index 56e1f10..4665ab1 100644 --- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm @@ -29,6 +29,7 @@ mkdir $lockdir; mkdir "/etc/pve/nodes/$nodename/lxc"; my $MAX_MOUNT_POINTS = 256; my $MAX_UNUSED_DISKS = $MAX_MOUNT_POINTS; +my $MAX_DEVICES = 256; # BEGIN implemented abstract methods from PVE::AbstractConfig @@ -908,6 +909,37 @@ for (my $i = 0; $i < $MAX_UNUSED_DISKS; $i++) { } } +PVE::JSONSchema::register_format('pve-lxc-dev-string', \&verify_lxc_dev_string); +sub verify_lxc_dev_string { + my ($dev, $noerr) = @_; + + if ($dev !~ m!^/dev/!) { + return undef if $noerr; + die "$dev does not start with /dev/\n"; + } + + return $dev; +} + +my $dev_desc = { + dev => { + type => 'string', + default_key => 1, + format => 'pve-lxc-dev-string', + format_description => 'Path', + description => 'Device to pass through to the container', + verbose_description => 'Path to the device to pass through to the container' + } +}; + +for (my $i = 0; $i < $MAX_DEVICES; $i++) { + $confdesc->{"dev$i"} = { + optional => 1, + type => 'string', format => $dev_desc, + description => "Device to pass through to the container", + } +} + sub parse_pct_config { my ($filename, $raw, $strict) = @_; -- 2.39.2
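Review bot: in the `update_lxc_config` hunk of src/PVE/LXC.pm, `$mode` is read from `stat` but only tested for truthiness, and the cgroup rule is hard-coded as a character device (`lxc.cgroup2.devices.allow = c $major:$minor rw`) regardless of what `$devpath` actually is; `-e` accepts any existing path, so a block device gets a rule of the wrong type, and a regular file or directory passes the existence check only to die later with the unrelated message "Could not find major and minor ids" because its `$rdev` is 0. Suggest testing the node type explicitly (`-c $devpath` / `-b $devpath`, or `S_ISCHR`/`S_ISBLK` on `$mode` from `Fcntl ':mode'`), emitting `c` or `b` accordingly, and dying with a clear "not a device node" message otherwise; that also bears on the RFC question in the cover text, since the hunk as written cannot grant access to a block device at all. Two smaller points: the `rw` access and the bind mount are unconditional, so there is no way to pass a device read-only, and the capture group in `m/^dev(\d+)$/` is unused.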
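Review bot: in the `verify_lxc_dev_string` hunk of src/PVE/LXC/Config.pm, the only check is that the string begins with `/dev/`, so a value containing `..` components after that prefix, or a symlink under /dev, still passes, and the value is then used verbatim in LXC.pm both for `stat` and in the generated `lxc.mount.entry`. Suggest rejecting `..` components (or canonicalising with `Cwd::realpath` and re-checking the `/dev/` prefix on the result) so the config layer guarantees the path really lives under /dev before LXC.pm trusts it. Also, the `description` set on each `dev$i` entry in the `$MAX_DEVICES` loop repeats the one already in `$dev_desc`, and the new `$MAX_DEVICES = 256` is the only bound on the index while the regex in LXC.pm accepts any `dev<n>` key, so a comment noting that the two must stay in sync would help the next reader.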