Hi,
I have issue with /dev/dri/renderD128 passed to podman container.
I’m moving from fedora, where this worked and I cannot find a way, how to make this work in microos. Only way, which is now working is temporally change permission on host on /dev/dri/renderD128 to 777
there is id from host:
uid=1000(ksj) gid=1000(ksj) groups=1000(ksj),486(video),489(render) context=unconfined_u:unconfined_r:unconfined_t:s0
ls -la from host
crw-rw----. 1 root video 226, 1 Jun 28 21:36 card1
crw-rw----. 1 root render 226, 128 Jun 28 21:36 renderD128
id from container
uid=0(root) gid=0(root) groups=0(root),486,489
la -la from container
crw-rw----. 1 nobody nogroup 226, 1 Jun 28 19:36 card1
crw-rw----. 1 nobody nogroup 226, 128 Jun 28 19:36 renderD128
and important part of the quadlet file
[Container]
AutoUpdate=registry
ContainerName=jellyfin
Image=docker.io/jellyfin/jellyfin:latest
AddDevice=/dev/dri:/dev/dri
Volume=/home/DATA/jellyfin:/mnt/RAID:Z
Volume=%h/.jellyfin-cache:/cache:Z
Volume=%h/jellyfin-config:/config:Z
HealthCmd=curl http://localhost:8096
#GroupAdd=keep-groups
GroupAdd=486
GroupAdd=489
Entrypoint=["/jellyfin/jellyfin","2>&1"]
PublishPort=8096:8096/tcp
UserNS=keep-id:uid=0,gid=0
I have tried everything, but except the mentioned temporally change of permission on host, I had no success. I think there is something different in mapping of processes between fedora and opensuse…
I even tried to set group according to nogroup:
nogroup:x:65534:
uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
but there is still permission denied when accessing /dev/dri/renderD128
I don’t have any idea what else to try