LXC uid/gid mapping USB passthrough [proxmox, plex]

Feeling real dumb here. I have a Proxmox server with a Ubuntu 22.04 CT running a Plex server, with a Hauppage WinTV-quadHD USB [hauppaugeDOTcom/pages/products/data_quadhd-usb.html] that I’m trying to get Plex to pick up. I’ve got the CT seeing it via lsusb, however, Plex can’t see it.

From what I’ve read, I need to assign uid/gid’s from the CT to the host, so that the CT can access the mount point of the USB device, however, for whatever reason, I can’t seem to get it through my meter thick skull how tf this is supposed to work. So far I’ve been able to understand what’s happening with containers, but this just isn’t clicking with me.
I’ve followed a few different tutorials/threads, so if things make even less sense in the CT config, that’s why. I’m just throwing stuff in there at this point to see what (if anything) sticks.

lsusb from inside the CT

plex@plex:~$ lsusb
Bus 003 Device 002: ID 8087:8000 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:8008 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 002: ID 2109:0715 VIA Labs, Inc. VL817 SATA Adaptor
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 005: ID 2040:846d Hauppauge quadHD-A
Bus 002 Device 004: ID 2040:846d Hauppauge quadHD-A
Bus 002 Device 002: ID 04e2:0404 Exar Corp. USB 2.0 Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

id from inside the CT

plex@plex:~$ id
uid=1000(plex) gid=1000(plex) groups=1000(plex),27(sudo),44(video)

These are my current config files:

Plex CT config

root@server:~# cat /etc/pve/local/lxc/107.conf
arch: amd64
cores: 4
features: nesting=1
hostname: plex
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=16:5B:21:19:85:E9,ip=dhcp,ip6=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-107-disk-0,size=10G
swap: 512
unprivileged: 1
lxc.cgroup.devices.allow: c 120:* rwm
lxc.cgroup.devices.allow: c 189:* rwm
lxc.cgroup.devices.allow: c 212:* rwm
lxc.cgroup2.devices.allow: c 120:* rwm
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.cgroup2.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/bus/usb/002/ dev/bus/usb/002/ none bind,optional,create=dir
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir 0 0
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 5
lxc.idmap: g 1000 1000 5
lxc.idmap: u 1000 10000 64535
lxc.idmap: g 1000 10000 64535
lxc.idmap: g 44 44 5
lxc.idmap: g 44 100044 65491

Proxmox /etc/subuid

root@server:~$ cat /etc/subuid
root:100000:65536
root:1000:5

Proxmox /etc/subgid

root@server:~$ cat /etc/subgid
root:100000:65536
root:1000:5

Output from Proxmox when trying to start CT with that config

lxc_map_ids: 3668 newuidmap failed to write mapping "newuidmap: write to uid_map failed: Invalid argument": newuidmap 242615 0 100000 1000 1000 1000 5 1000 101001 64535
lxc_spawn: 1791 Failed to set up id mapping.
__lxc_start: 2074 Failed to spawn container "107"
TASK ERROR: startup for container '107' failed

What I think I’m trying to do:
Create a mount point for the USB devices, in which I’m giving the CT all of /dev/bus/usb/002/ in case the actual devices change ids.

Allow cgroups through with their major numbers (I guess that’s a thing I have to do.).

lxc.cgroup2.devices.allow: c 189:* rwm
lxc.cgroup2.devices.allow: c 212:* rwm

Allow plex (uid/gid 1000) and video (gid 44) to have at least 4 mappings (the 4 tuners) from the host. Which apparently corresponds with /dev/dvb/adapter0 through /dev/dvb/adapter3.

Avoid chowning /dev/dvb/ as I want to try other software with the tuner (jellyfin, nextpvr, etc.).

I have a feeling I’m just not getting how the mapping works in /lxc/107.conf, and how exactly that relates to /etc/subuid and /etc/subgid.

Thanks for reading. I’m going to keep reading and trying. Maybe I’ll eventually get it.

I am just interested in hearing the solution since I have never tried hardware passthrough with LXC/LXD

That’s what I would have tried, it’s the same way I pass through my GPU for any needed transcodes…

I hope you can find an answer, sadly I use a HDHomeRun which just transmits via ethernet network that plex can pickup and install by scanning.

I too hope you can find a solution.

**My Idea (as a SUPER Novice)
If I had to guess, the LXC might be so basic that its missing drivers or software to run the USB device to retrieve the data from the USB tuner for plex to read.

I wonder if you ran a full distro like ubuntu, or whatever you are comfortable with, if you could install the USB tuner and plex server on it to get it to work. I know the LXC is leaner but if you really want to get it to just work, maybe this would help?

From my pass through, I do not have anything like this in my config for my pass through of a PCIE device:

I also have not read all you have so I’m sure it has a purpose… I also always double check formatting. I have a tendency to miss something small like a . or / or mix /\ but yeah I’m sure. Thats stupid advice I’m sure you checked all that… Sorry I cant be more helpful.

I did see this that was said it seemed to work for your instance

his solution was the order and just two lines…

lxc.cgroup.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir

of course if your using the newest proxmox I believe it needs to have the “cgroup2” like this

lxc.cgroup2.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir

Also I see the devices added twice as “cgroup” AND “cgroup2” in your LXC config…

Could this cause a conflict?
What ls -a * did you run on Proxmox to get 120, 189 an 212 as the needed devices to pass to the LXC? I didn’t see that step above.

Trying to lend a hand.

OP here, lost that username.

**My Idea (as a SUPER Novice)
If I had to guess, the LXC might be so basic that its missing drivers or software to run the USB device to retrieve the data from the USB tuner for plex to read.
I wonder if you ran a full distro like ubuntu, or whatever you are comfortable with, if you could install the USB tuner and plex server on it to get it to work. I know the LXC is leaner but if you really want to get it to just work, maybe this would help?

Running Ubuntu Server 22.04, and have installed hauppage’s firmware via hauppaugeDOTcom/pages/support/support_linux.html
USB works fine, I have bindmounts on other CTs for USB HDDs.
That being said, had a power outage yesterday, and now the tuner is on bus 001, so that’s fucking fun. (Then again, that is a lsusb from proxmox, so that might not actually be the case from the CT’s point of view)

root@server:/dev# lsusb
Bus 004 Device 002: ID 8087:8000 Intel Corp. Integrated Rate Matching Hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:8008 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 2109:0715 VIA Labs, Inc. VL817 SATA Adaptor
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 2040:846d Hauppauge quadHD-A
Bus 001 Device 004: ID 2040:846d Hauppauge quadHD-A
Bus 001 Device 002: ID 04e2:0404 Exar Corp. USB 2.0 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I did see this that was said it seemed to work for your instance

Yeah, that’s in the LXC config.

Also I see the devices added twice as “cgroup” AND “cgroup2” in your LXC config… Could this cause a conflict?

Have tried them both separately, don’t think that’s the problem, as it boots with those in the config, (together or separately), only when I try to assign uids does the CT fail to boot.

What ls -a * did you run on Proxmox to get 120, 189 an 212 as the needed devices to pass to the LXC? I didn’t see that step above.

Don’t remember. I haven’t had time to work on this until now (since the OP), so I’m installing Ubuntu 22.04 server as a VM to see if I can even get that working, and will continue to bang my head against my keyboard to see if I can get mappings correct for the next few days. I know at least one of those (I think 212) I threw in there from some other forum that was having similar problems.

I hope you can find an answer, sadly I use a HDHomeRun which just transmits via ethernet network that plex can pickup and install by scanning.

Maybe I’ll go that route, I liked the idea of USB, but maybe now not so much.

Thanks for your ideas!

Well, I can’t even get a VM to boot when trying to pass through the tuner through the proxmox GUI, so that’s fun. Installing on a laptop running 22.04 desktop to see if I can get anything working.
EDIT: Yep, shows right up on the laptop. ughhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

EDIT2: Looking at this post [forum.proxmoxDOTcom/threads/wintv-quad-hd-dvb-t2-tuner-not-working-ubuntu-20-04-in-linux-container-lxc-on-proxmox.89231/#post-390739] on the proxmox forums, it seems that I may not completely be understanding how CTs work.

You’ll need to have get the kernel of the Proxmox host to initialize the card, if you want to access it from a container. Containers cannot load drivers and all share the same (host) kernel and therefore drivers. If there are no build-in or open-source drivers, you’ll have to install the linux drivers from Hauppauge. I assume that installing the drivers and other necessary software on the host creates the video group (I don’t remember the specifics but mine did not require external drivers, only firmware). When that is successful, you can get the major number from ls -al /dev/dvb/adaptor0 .

That post is about a PCIE card on a privileged CT, where as I’m trying to run everything unprivileged, because security, but maybe it still applies to USB/ what I’m doing here. Seems similar enough anyway.

So next step seems to be to install their firmware on the proxmox host via hauppaugeDOTcom/pages/support/support_linux.html#firmware
Except proxmox is debian based and their PPA is for ububtu, so seems like I have to install manually/ build from source? We’ll find out!

Ha, old post but if anyone else comes across this like I did the ‘easy’ fix is to chmod the adapter files so that they are readable by your plex user in the container. This should be usable by other containers then too as you’re opening up the permissions instead of changing any group or user ids for the device.

So short summary is:

1. Added the following to my lxc config (/etc/pve/lxc/<lxcid>.conf):

lxc.cgroup2.devices.allow: c 212:* rwm
lxc.mount.entry: /dev/dvb dev/dvb none bind,optional,create=dir

2. Did chmod a+rw * inside the adapter folders (on the proxmox os) I wanted my containers to access (ex: /dev/dvb/adapter0/* and /dev/dvb/adapter1/*.
3. Restarted container.
4. Went to Plex web UI → Settings → Live TV & DVR → ‘Set up DVR’ and it was able to find my USB tuner and scan for channels.

Some notes:

• My Plex is running in an unprivileged container, no special options were granted to it.
• The above steps worked with a Hauppauge WinTV-dualHD usb tuner.
• Doing user mapping as mentioned in the previous comments would be ‘more secure’ overall but as mentioned it can (and does) quickly get finnicky and can make it more complex. I felt comfortable with enabling read access for all users to the dvb device.
• This worked with Proxmox 7.4 and an Ubuntu 22.04 lxc image for Plex, no additional PPAs / firmware packages…etc were installed specific for the Hauppauge tuner. Should work for newer versions but YMMV.

Thanks for the initial post! I was stuck with getting this to work after reading all the other posts online and then this post made me realize I also needed to look at the permissions of the adapter device being passed through.

Thanks for adding the follow up.