I’ve been trying to get hardware acceleration working on rootless containers of Plex and Jellyfin and I can’t get it to work the proper way.
My current workaround is having my device /dev/dri/renderD128 with permissions set to 666, but I feel like that really isn’t an ideal setup.
Some things I’ve done:
- Currently I’m running my containers with my user with ID 1000.
- My user is part of the render group, which is the group assigned to /dev/dri/renderD128
- I’m passing the device to the containers as such: --device /dev/dri:/dev/dri
- In my Plex container, for example, I’m passing the IDs to use as such: -e PUID=1000 and -e PGID=1000
- I tried the option “--group-add keep-groups” and I see the groups in the container, but I believe they’re assigned to the root user in the container. From my understanding, I think the Plex and Jellyfin images I’ve tried create a user inside with the IDs I pass, in this case 1000, and so this new user doesn’t get assigned my groups on the host. I’m using the LinuxServer.io images currently, but I saw the official Plex image creates a user named “plex”. The LinuxServer.io images create a user named “abc”.
- Out of curiosity, on the host I changed the group of /dev/dri/renderD128 to my user’s group 1000, but that didn’t work either.
- I tried with the --privileged option too, but that didn’t seem to work either, at least running podman as my user.
- I haven’t tried running podman as root for these containers, and I wonder how that compares security-wise vs having my /dev/dri/renderD128 with permissions set to 666.
For some context, I’ve been transitioning from Docker to Podman rootless over the past 5 days maybe. I’ve learned a couple of things but this one has been quite a headache.
Any tips or hints would be appreciated. Thanks!
Have you tried setting renderD to be owned by your user? Podman runs as a local user.
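
Added example, not written by anyone in this thread: a small Python model of the user-namespace ID translation behind the symptoms in the question, showing which host IDs the kernel compares against /dev/dri/renderD128. The subordinate ID range 100000:65536, the render GID 105 and the root:render 0660 device ownership are constructed assumptions, and the helper names are hypothetical.

```python
# Constructed rootless Podman mapping for host user 1000; the /etc/subuid
# range 100000:65536 is an assumption. Rows: (container_id, host_id, length)
ID_MAP = [(0, 1000, 1), (1, 100000, 65536)]
RENDER_GID = 105  # constructed host GID for the "render" group


def to_host(container_id, id_map=ID_MAP):
    """Translate a container UID/GID to the host ID the kernel checks."""
    for inside, outside, length in id_map:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None  # not mapped in this user namespace


def can_open_rw(host_uid, host_gids, owner, group, mode):
    """Owner/group/other check for read+write (capabilities not modelled)."""
    if host_uid == owner:
        bits = (mode >> 6) & 7
    elif group in host_gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & 6) == 6


def container_access(c_uid, c_gid, kept_host_gids, owner, group, mode):
    """Device access for a container process.

    kept_host_gids models host supplementary groups the process still
    holds (what --group-add keep-groups preserves); pass [] when the
    process has none, as the question assumes for the image's own user.
    """
    gids = {to_host(c_gid)} | set(kept_host_gids)
    return can_open_rw(to_host(c_uid), gids, owner, group, mode)


if __name__ == "__main__":
    cases = {
        "PUID/PGID 1000, root:render 0660": (1000, 1000, [], 0, RENDER_GID, 0o660),
        "PUID/PGID 1000, root:render 0666": (1000, 1000, [], 0, RENDER_GID, 0o666),
        "PUID/PGID 1000, group set to 1000": (1000, 1000, [], 0, 1000, 0o660),
        "container root + keep-groups": (0, 0, [RENDER_GID], 0, RENDER_GID, 0o660),
    }
    for name, args in cases.items():
        host = to_host(args[0])
        print(f"{name}: host uid {host}, rw={container_access(*args)}")
```

Under these assumptions, container UID/GID 1000 is host ID 100999, so it matches neither the device's owner nor its group and only the "other" permission bits apply; the real mapping for a running container can be read from /proc/self/uid_map and /proc/self/gid_map inside it.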