[PVE-User] unpriviliged lxc uid/gid mappings

[PVE-User] unpriviliged lxc uid/gid mappings

[Lindsay Mathieson]

I must say, I find the subject very confusing and difficult to parse. It 
seems very difficult to setup with multiple user and container mappings 
to maintain - I just setup 4 containers with 4 bind mounts each and 
after a lot of fiddling, got them working, but I'm not confident on 
maintenance for the future. I had to give up on the container that 
needed access to 2 USB tuners and a Intel QuickSync GPU (vaapi), ended 
up running that container privileged.


Is there any plans to simplify it for the future? I found the LXD (4.0?) 
system of raw.idmap settings much easier to setup, I was able to 
generically script that for containers.


Not complaining, I'm very happy with the overall setup I have at home - 
PX Media Server and a PBS Server, much easier to maintain than my old 
setup, and disaster recovery exists now :)

-- 
Lindsay

[PVE-User] unpriviliged lxc uid/gid mappings

[Lindsay Mathieson]

I must say, I find the subject very confusing and difficult to parse. It 
seems very difficult to setup with multiple user and container mappings 
to maintain - I just setup 4 containers with 4 bind mounts each and 
after a lot of fiddling, got them working, but I'm not confident on 
maintenance for the future. I had to give up on the container that 
needed access to 2 USB tuners and a Intel QuickSync GPU (vaapi), ended 
up running that container privileged.


Is there any plans to simplify it for the future? I found the LXD (4.0?) 
system of raw.idmap settings much easier to setup, I was able to 
generically script that for containers.

-- 
Lindsay