VAAPI on privileged container

Hello,
To enable transcoding for Jellyfin I need to activate VAAPI on my container.
For now I have a privileged container (I launched it as root with lxc-start) working perfectly.

  • Is it possible to activate VAAPI on this type of container or do I need to create an unprivileged container?
  • If the second solution is the way, does anyone have a decent tutorial for creating an unprivileged container? I am on Debian 11 and it is a pain.
    Thanks

It should be fine but I don’t know exactly what VAAPI uses to access the GPU.
My guess would be the /dev/dri nodes which would then need to be passed through with either the gpu device type or individually with unix-char.

For an unprivileged container they give this:

lxc.idmap = g 0 100000 109
lxc.idmap = g 109 107 1
lxc.idmap = g 110 100110 65426
lxc.cgroup.devices.allow = c 226:128 rwm
lxc.mount.entry = /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file

If I add the /dev/dri line command, it doesn’t change anything.
The command vainfo failed.
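
The group mapping quoted in the thread can be checked offline; the following is an added example, not part of any post here or of LXC itself, that parses the `lxc.idmap` lines, flags gaps or overlaps in the container id space, and resolves ids in both directions. The function names are illustrative, and reading host gid 107 as the group that owns /dev/dri/renderD128 on the host is an assumption about what the quoted config intends.

```python
# The group mappings quoted in the thread.
CONFIG = """\
lxc.idmap = g 0 100000 109
lxc.idmap = g 109 107 1
lxc.idmap = g 110 100110 65426
"""

def parse_idmap(text, kind="g"):
    """Return sorted (container_start, host_start, count) ranges for 'u' or 'g'."""
    ranges = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        fields = value.split()
        if key.strip() != "lxc.idmap" or not fields or fields[0] != kind:
            continue
        if len(fields) != 4:
            raise ValueError(f"malformed idmap line: {line!r}")
        ranges.append(tuple(int(f) for f in fields[1:]))
    return sorted(ranges)

def check_ranges(ranges):
    """Report overlaps or gaps in the container-side id space, starting at 0."""
    problems, expected = [], 0
    for start, _host, count in ranges:
        if start < expected:
            problems.append(f"overlap at container id {start}")
        elif start > expected:
            problems.append(f"gap: container ids {expected}-{start - 1} unmapped")
        expected = max(expected, start + count)
    return problems

def to_host(ranges, container_id):
    """Host id behind a container id, or None if the id is unmapped."""
    for start, host, count in ranges:
        if start <= container_id < start + count:
            return host + container_id - start
    return None

def to_container(ranges, host_id):
    """Container id for a host id; None means it shows up as nogroup (65534)."""
    for start, host, count in ranges:
        if host <= host_id < host + count:
            return start + host_id - host
    return None

if __name__ == "__main__":
    ranges = parse_idmap(CONFIG)
    print("problems:", check_ranges(ranges) or "none")
    print("container gid 109 -> host gid", to_host(ranges, 109))
    print("host gid 107 -> container gid", to_container(ranges, 107))
```

On the host, compare the result with the group reported by `stat -c %g /dev/dri/renderD128`; a host gid that no range covers appears inside the container as nogroup (65534), so the bind-mounted node is not accessible through group membership.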