Question asked about hw passthrough

I had someone ask me this question & I don’t know the answer so thought I’d put it on the forum…

“would love to know if it can support hardware passthrough beyond passing /dev (I want to do stuff in the /sys/pci tree, which I can do in KVM but would like to see how to do so in LXD/LXC).”

/sys/pci isn’t namespaced, so all containers can see it, though unprivileged containers will not be able to mess with it and privileged containers would need some special config to turn off AppArmor for those paths.

So it’s probably possible to have a container play with /sys/pci but that’s not going to be particularly safe (so better trust that particular container).
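Added example, not part of the original reply: a host-side audit that sorts instances by how far their configuration opens up host sysfs, following the distinction drawn above (unprivileged, privileged with AppArmor intact, privileged with AppArmor relaxed). It assumes you feed it each instance's expanded config map, for example from `lxc config show --expanded`; the instance names and values are constructed, and the level names and function names are hypothetical.

```python
# Constructed sample: expanded config maps for three made-up instances.
SAMPLE_INSTANCES = {
    "web01": {"security.privileged": "false"},
    "build": {"security.privileged": "true"},
    "pci-lab": {
        "security.privileged": "true",
        "raw.lxc": "lxc.apparmor.profile = unconfined\nlxc.mount.auto = sys:rw",
    },
}

TRUE_VALUES = {"true", "1", "yes", "on"}  # spellings LXD accepts for booleans


def raw_lxc_pairs(raw):
    """Split a raw.lxc value (one 'key = value' per line) into pairs."""
    pairs = []
    for line in raw.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.strip().startswith("#"):
            pairs.append((key.strip(), value.strip()))
    return pairs


def sysfs_exposure(config):
    """Return (level, reasons) for one instance's expanded config map."""
    privileged = config.get("security.privileged", "false").lower()
    if privileged not in TRUE_VALUES:
        return "low", ["unprivileged: /sys/pci is visible but not writable"]
    level = "review"
    reasons = ["privileged: AppArmor is what holds back host sysfs writes"]
    for key, value in raw_lxc_pairs(config.get("raw.lxc", "")):
        if key == "lxc.apparmor.profile" and value == "unconfined":
            level = "high"
            reasons.append("raw.lxc disables AppArmor confinement")
        if key == "lxc.mount.auto" and "sys:rw" in value.split():
            reasons.append("raw.lxc mounts /sys read-write")
    if "/sys" in config.get("raw.apparmor", ""):
        level = "high"
        reasons.append("raw.apparmor adds rules touching /sys")
    return level, reasons


def audit(instances):
    """Map each instance name to its exposure level."""
    return {name: sysfs_exposure(cfg)[0] for name, cfg in instances.items()}


if __name__ == "__main__":
    for name, cfg in SAMPLE_INSTANCES.items():
        print(name, *sysfs_exposure(cfg))
```

Anything reported as `high` is a container that has to be trusted like the host itself.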

Thanks Stephane for the information!