But I can’t find the config file. Do you know where it is? Is there any other way of adding these options to the container?
I have tried stopping the container and adding the lines above to /var/snap/lxd/common/lxd/logs/mycontainer/lxc.conf but they are removed on starting the container so I guess that is not the right place to add the options.
The mount line is a bit more complicated because you are spoiled for choice.
One option is a bind-mount (see full documentation). The other is with unix-char.
Indeed, you need to use the lxc config options to specify the appropriate UID/GID.
Does your host have PulseAudio? Because if it does, then you can just share the PulseAudio Unix socket from the host to the container.
I hardly got my mind around the UID/GID mapping. As far as I know, uid 0 in the host is mapped to uid 100000 in the container and so on. But, if the gid for audio group in the host is 29, why is it mapped to 65534 in the container? It should be 100029 instead, shouldn’t it? I don’t know how to change this and I couldn’t find any good information about this issue.
I’ve read about /etc/subuid and /etc/subgid but I can’t figure out how those files fit in this issue.
No, the host doesn’t have PulseAudio, and I’d prefer not to install it unless it’s mandatory.
What I would do is run aplay -l and aplay someaudio.wav on the host, and use strace to figure out which audio device files are being accessed. Then, I would make those device files accessible in the container. ID mapping comes into play if you get any permission denied errors, and I think it is only involved when you are mounting files.
I have not seen a post that describes how to pass all the necessary audio devices from the host to the container, so that in the container you can play audio using either ALSA audio players, or even install PulseAudio. If you can achieve either, it would be great.
Then, run something like grep "/dev/" /tmp/aplay-audio.strace*.
Note that a typical desktop system uses PulseAudio, so if you were to use Ubuntu to run aplay, it would use PulseAudio instead of directly opening the audio devices. So it is good that your setup on the host does not have PulseAudio so that you can investigate better.
I bind mounted the full /dev/snd directory in the container:
lxc config device add mycontainer dev_snd disk source=/dev/snd raw.mount.options="bind,optional,create=dir" path="/dev/snd"
lxc config set mycontainer raw.lxc="lxc.cgroup.devices.allow = c 116:* rwm"
The problem is that the devices in the container aren’t owned by root:audio as they are in the host, but they are owned by nobody:nogroup. I think that’s because the uid 0 and gid 29 don’t exist in the container, so they are mapped to -1, which in the end is translated into nobody/nogroup.
If I change the permissions of the devices in the host to 666, then I can access them in the container, but it seems to me a bad way of solving this. Besides, something changed the permissions of the devices in the host back to 660.
There is a shift parameter here that can help you. Enable it and restart the container.
Run `lxc info | grep shift` to verify that shiftfs is enabled for you.
With that command, the gid 29 is directly mapped between the host and the container, so gid 29 in the container is also gid 29 in the host. I’m not sure if this can pose a security risk though.
root@container:~# ls -l /dev/snd/
total 0
drwxr-xr-x 2 nobody nogroup 60 Feb 12 19:01 by-path
crw-rw---- 1 nobody audio 116, 6 Feb 12 19:01 controlC0
crw-rw---- 1 nobody audio 116, 3 Feb 12 19:01 pcmC0D0c
crw-rw---- 1 nobody audio 116, 2 Feb 17 13:59 pcmC0D0p
crw-rw---- 1 nobody audio 116, 5 Feb 17 13:59 pcmC0D1c
crw-rw---- 1 nobody audio 116, 4 Feb 12 19:01 pcmC0D1p
crw-rw---- 1 nobody audio 116, 1 Feb 12 19:01 seq
crw-rw---- 1 nobody audio 116, 33 Feb 12 19:01 timer
But with user jibri (uid=998(jibri) gid=998(jibri) groups=998(jibri),4(adm),29(audio),44(video),46(plugdev),65534(nogroup),1001(jitsi)), I see no soundcard:
$ aplay -l
aplay: device_list:276: no soundcards found...
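
The ID-map lookups discussed in this thread, as an added example that is not part of any post: it applies the kernel's `uid_map`/`gid_map` format (`inside outside count`) to the owner of a host device node, and shows why an unmapped host ID appears as nobody/nogroup. Both maps are constructed for illustration; the base of 100000 comes from the thread, while the range size of 65536 and the pass-through layout for gid 29 are assumptions.

```python
OVERFLOW_ID = 65534  # kernel default overflow id, displayed as nobody/nogroup


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map or gid_map text: 'inside outside count' per line."""
    ranges = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(field) for field in line.split())
        ranges.append((inside, outside, count))
    return ranges


def host_to_container(host_id, ranges):
    """ID that a process inside the namespace sees for a host-owned file."""
    for inside, outside, count in ranges:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return OVERFLOW_ID  # host ID is outside every range: unmapped


def container_to_host(container_id, ranges):
    """Host ID that a container ID really is, or None if it has no mapping."""
    for inside, outside, count in ranges:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    return None


# Constructed sample maps (assumptions, not taken from a real container).
DEFAULT_MAP = "0 100000 65536"
PASSTHROUGH_GID_MAP = """
0 100000 29
29 29 1
30 100030 65506
"""


def device_owner(host_uid, host_gid, uid_map_text, gid_map_text):
    """(uid, gid) shown inside the container for a node owned by host_uid:host_gid."""
    return (host_to_container(host_uid, parse_id_map(uid_map_text)),
            host_to_container(host_gid, parse_id_map(gid_map_text)))


if __name__ == "__main__":
    # /dev/snd/* is root:audio (0:29) on the host.
    print(device_owner(0, 29, DEFAULT_MAP, DEFAULT_MAP))
    print(device_owner(0, 29, DEFAULT_MAP, PASSTHROUGH_GID_MAP))
    print(container_to_host(0, parse_id_map(DEFAULT_MAP)))
```

With the pass-through map the result is nobody:audio, which matches the `ls -l /dev/snd/` listing above. The same map means a container process in gid 29 acts as host gid 29, so it gets that group's access to anything on the host that is exposed to the container and owned by that group.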