Have you tried setting renderD to be owned by your user? Podman runs as a local user.
Comment on Podman rootless Jellyfin/Plex container with hardware acceleration
Kekin@lemy.lol 8 months ago
Yeah I’m fairly certain it’s a permission issue. Having the gpu with permissions 666 makes it work inside the containers.
The thing is also that these container images (plex and jellyfin) create a separate user inside, instead of using the root user, and this new user (“abc” for lsio images) doesn’t get added to the same groups as the root user.
Also the render group that gets passed to the container appears as “nogroup”, so I thought of adding user abc to “nogroup” but still didn’t seem to work.
possiblylinux127@lemmy.zip 8 months ago
h3ndrik@feddit.de 8 months ago
Sure. I believe that nogroup behaviour is a failsafe. Otherwise every misconfiguration would result in privilege escalation.
Unfortunately I’m not really familiar with that podman setup. I’m not sure if that --group-add keep-groups helps. I’m not sure what kind of groups are defined inside of the container. If the render group is even there and attached to the user that runs the process. Also I’m not sure if it’s the group’s name or number that counts… The numbers can be different from container to container.
Maybe you can peek at the container, see how it’s set up inside? Maybe something like the --device-cgroup-rule helps to give access to the user within the container?
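
On the name-versus-number question raised in the thread, an added example (not written by anyone in the thread): a shell helper that reads a user-namespace GID map and reports which numeric GID a host group becomes inside a rootless container, or that it is unmapped, in which case the kernel shows the overflow GID that most images label "nogroup". The map contents, the function names and the device path in the comments are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/gid_map for a rootless container.
# Columns: first GID inside the namespace, first GID outside, range length.
SAMPLE_GID_MAP='0 1000 1
1 100000 65536'

# map_host_gid HOST_GID [GID_MAP_TEXT]
# Prints the GID seen inside the namespace, or "unmapped" when no range
# covers HOST_GID. An unmapped GID is displayed as the overflow GID
# (65534), which is why the render group can show up as "nogroup".
map_host_gid() {
    host_gid=$1
    map_text=${2:-$SAMPLE_GID_MAP}
    printf '%s\n' "$map_text" | awk -v g="$host_gid" '
        NF == 3 && g >= $2 && g < $2 + $3 {
            print $1 + (g - $2); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# report_device DEVICE [GID_MAP_FILE]
# Looks up the owning group of a device node on the host and shows how
# that numeric GID translates. GID_MAP_FILE defaults to the caller's own
# map; for a running container use /proc/<container PID>/gid_map.
# Uses GNU stat (-c %g prints the numeric group ID).
report_device() {
    dev=$1
    map_file=${2:-/proc/self/gid_map}
    gid=$(stat -c %g "$dev") || return 1
    inside=$(map_host_gid "$gid" "$(cat "$map_file")")
    echo "$dev: host GID $gid -> inside namespace: $inside"
}

# Only runs when a device path is given, for example (assumed path):
#   sh gidmap.sh /dev/dri/renderD128 /proc/12345/gid_map
if [ "$#" -gt 0 ]; then
    report_device "$@"
fi
```

Only the number is checked by the kernel; the group name is whatever the image's /etc/group assigns to that number, so an "unmapped" result means no group membership inside the container can match the device's group.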