Autor Thema: SkyTv Ultimate Dual + LXC unpriviliged  (Gelesen 410 mal)

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #15 am: Januar 05, 2023, 07:16:37 Nachmittag »
ich habe kein logfile für den mediasrv, von wo wird der gestartet ? da habe ich mir schon den Wolf nach abgesucht

ich kann aber mit mediaclient sehen das der treiber wohl da ist und die Karte läuft. tvheadend allerdings sieht keine DVB adapter .....

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #16 am: Januar 05, 2023, 07:18:28 Nachmittag »
das hier ist grade der Fehlerfall, man sieht das kein client verbunden ist

root@tvh:/var/log# /opt/bin/mediaclient -e
**** List of Media Hardware Devices ****
device 0: [             Dual S2]  DVB-S/S2, REMOTE-CONTROL, DVB-S/S2
  [INFO]:
     STATUS: STANDBY
  [BUS]:
     ID: 1-3
  [SERIAL]:
     ID: U220618172518
  [DVB-S/S2]:
     FESTATUS: STANDBY
     LNBVOLTAGE: DISABLED
     LNBSUPPLY: USBPOWER
     LNBSTATUS: OK
     FRONTEND: /dev/dvb/adapter0/frontend0
     DVR: /dev/dvb/adapter0/dvr0
     DMX: /dev/dvb/adapter0/demux0
  [REMOTECONTROL]:
     INPUT0: /dev/mediainput0
  [DVB-S/S2]:
     FESTATUS: STANDBY
     FRONTEND: /dev/dvb/adapter1/frontend0
     DVR: /dev/dvb/adapter1/dvr0
     DMX: /dev/dvb/adapter1/demux0

root@tvh:/var/log# /opt/bin/mediaclient --lc
**** List of Media Clients ****
/dev/dvb/adapter0/frontend0:
  No client connected
/dev/dvb/adapter0/dvr0:
  No client connected
/dev/dvb/adapter0/demux0:
  No client connected
/dev/mediainput0:
  No client connected
/dev/dvb/adapter1/frontend0:
  No client connected
/dev/dvb/adapter1/dvr0:
  No client connected
/dev/dvb/adapter1/demux0:
  No client connected

root@tvh:/var/log#

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #17 am: Januar 05, 2023, 07:20:48 Nachmittag »
root@tvh:/var/log# ps -aufx
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         397  0.0  0.0   7136  3568 pts/4    Ss   17:11   0:00 /bin/bash
root         513  0.0  0.0  10072  3236 pts/4    R+   17:19   0:00  \_ ps -aufx
root           1  0.0  0.1 165440 10220 ?        Ss   17:11   0:00 /sbin/init
root          67  0.0  0.5 135348 43924 ?        Ss   17:11   0:00 /lib/systemd/systemd-journald
root          74  0.0  0.0  20616  4852 ?        Ss   17:11   0:00 /lib/systemd/systemd-udevd
systemd+      78  0.0  0.0  16052  5924 ?        Ss   17:11   0:00 /lib/systemd/systemd-networkd
systemd+      82  0.0  0.1  24112 12172 ?        Ss   17:11   0:00 /lib/systemd/systemd-resolved
root          87  0.0  0.0   6748  2792 ?        Ss   17:11   0:00 /usr/sbin/cron -f
message+      88  0.0  0.0   8264  4292 ?        Ss   17:11   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-on
root          93  0.0  0.0  13844  7148 ?        Ss   17:11   0:00 /lib/systemd/systemd-logind
root         107  0.0  0.0   5480  2240 pts/0    Ss+  17:11   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux
root         108  0.0  0.0   5480  2192 pts/0    Ss+  17:11   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/0 115200,38400,9600 vt220
root         109  0.0  0.0   5480  2068 pts/1    Ss+  17:11   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
root         110  0.0  0.0   5480  2048 pts/2    Ss+  17:11   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
root         111  0.0  0.0   5480  2216 pts/3    Ss+  17:11   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
tvh          113  0.0  0.1  15188  8596 ?        Ss   17:11   0:00 /lib/systemd/systemd --user
tvh          114  0.0  0.0 103024  2532 ?        S    17:11   0:00  \_ (sd-pam)
tvh          127  0.0  0.0   6820  3372 ?        Ss   17:11   0:00  \_ /bin/bash /home/tvh/tvheadend.sh
tvh          128  0.0  0.4 1387224 39152 ?       Sl   17:11   0:01      \_ /home/tvh/tvheadend/build.linux/tvheadend -S -C -p /run/tvheadend.pid -u tvh -g video
Debian-+     393  0.0  0.0  18608  4620 ?        Ss   17:11   0:00 /usr/sbin/exim4 -bd -q30m
root         400  0.0  0.0 355156  6948 ?        Sl   17:11   0:06 /opt/bin/mediasrv -d --pluginpath=/opt/bin
root         401  0.0  0.0   2992  1260 ?        S    17:11   0:00  \_ /opt/bin/mediasrv -d --pluginpath=/opt/bin

root@tvh:/var/log# cat /proc/128/maps | grep media
7fe319800000-7fe319810000 r-xp 00000000 00:2b 379819                     /opt/lib/libmediaclient.so
7fe319810000-7fe319a0f000 ---p 00010000 00:2b 379819                     /opt/lib/libmediaclient.so
7fe319a0f000-7fe319a10000 r--p 0000f000 00:2b 379819                     /opt/lib/libmediaclient.so
7fe319a10000-7fe319a11000 rw-p 00010000 00:2b 379819                     /opt/lib/libmediaclient.so

Sundtek

  • Administrator
  • Hero Member
  • *****
  • Beiträge: 8387
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #18 am: Januar 05, 2023, 07:36:31 Nachmittag »
-u tvh -g video hast du dir die TVHeadend logs angesehen?

User TVH / Group Video, ist /dev/dvb überhaupt für die zugänglich?
Failure is a good thing! I'll fix it

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #19 am: Januar 05, 2023, 07:51:42 Nachmittag »
tvh@tvh:/dev$ ls -al
total 4
drwxr-xr-x 9 root   root       580 Jan  5 17:11 .
drwxr-xr-x 1 root   root       154 Dec 14 05:29 ..
drwxr-xr-x 3 root   root        60 Jan  5 17:11 bus
crw--w---- 1 root   tty     136, 0 Jan  5 17:11 console
lrwxrwxrwx 1 root   root        11 Jan  5 17:11 core -> /proc/kcore
drwxr-xr-x 5 nobody nogroup    100 Jan  5 11:55 dvb
lrwxrwxrwx 1 root   root        13 Jan  5 17:11 fd -> /proc/self/fd
crw-rw-rw- 1 nobody nogroup   1, 7 Jan  5 11:55 full
lrwxrwxrwx 1 root   root        12 Jan  5 17:11 initctl -> /run/initctl
lrwxrwxrwx 1 root   root        28 Jan  5 17:11 log -> /run/systemd/journal/dev-log
drwxr-xr-x 4 root   root        80 Jan  5 17:11 .lxc
-r--r--r-- 1 root   root        37 Jan  5 17:11 .lxc-boot-id
drwxrwxrwt 2 nobody nogroup     40 Jan  5 17:11 mqueue
crw-rw-rw- 1 nobody nogroup   1, 3 Jan  5 11:55 null
crw-rw-rw- 1 root   root      5, 2 Jan  5 17:46 ptmx
drwxr-xr-x 2 root   root         0 Jan  5 17:11 pts
crw-rw-rw- 1 nobody nogroup   1, 8 Jan  5 11:55 random
drwxrwxrwt 2 root   root        40 Jan  5 17:11 shm
lrwxrwxrwx 1 root   root        15 Jan  5 17:11 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root   root        15 Jan  5 17:11 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root   root        15 Jan  5 17:11 stdout -> /proc/self/fd/1
drwxrwxrwx 3 nobody nogroup     60 Jan  5 11:55 sundtek
crw-rw-rw- 1 nobody nogroup   5, 0 Jan  5 17:46 tty
crw--w---- 1 root   tty     136, 0 Jan  5 17:11 tty1
crw--w---- 1 root   tty     136, 1 Jan  5 17:11 tty2
crw--w---- 1 root   tty     136, 2 Jan  5 17:11 tty3
crw--w---- 1 root   tty     136, 3 Jan  5 17:11 tty4
crw-rw-rw- 1 nobody nogroup   1, 9 Jan  5 11:55 urandom
crw-rw-rw- 1 nobody nogroup   1, 5 Jan  5 11:55 zero
tvh@tvh:/dev$

aus dem container mit dem entsprechenden user.

/dev/dvb ist lesbar, /dev/sundtek schreibbar, konnte da bisher keine einschränkung feststellen .....aber das ist auch die Ecke durch die ich mit dir nochmal beackern wollte denn mediasrv beschwert sich durchaus, nur kann ich die start parameter nicht anpassen weil ich nicht weiss woher das gelauncht wird


Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #20 am: Januar 05, 2023, 07:54:05 Nachmittag »
2023-01-05 17:52:19 [553] found lib: libdrv_fm.so
2023-01-05 17:52:19 [553] found lib: libdrv_vivi.so
2023-01-05 17:52:19 [553] found lib: libdrv_fm_dab_dabplus.so
2023-01-05 17:52:19 [553] found lib: libdrv_em28xx.so
2023-01-05 17:52:19 [553] found lib: libdrv_eLight.so
2023-01-05 17:52:19 [553]
2023-01-05 17:52:19 [553] Scanning for plugins
2023-01-05 17:52:19 [553] found lib: libencoder_plugin.so
2023-01-05 17:52:19 [553] MediaAVPlugin: MPEG Encoder
2023-01-05 17:52:19 [553] Copyright: (C) Tpe 2011/2012
2023-01-05 17:52:19 [553]
2023-01-05 17:52:19 [553] Starting up device manager
2023-01-05 17:52:19 [553] unable to create /dev/sundtek/usb/001/004, this will lead to a failure now
2023-01-05 17:52:19 [553] retrying with 3rd workaround now
2023-01-05 17:52:19 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:20 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:21 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:22 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:23 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:23 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:24 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:25 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:26 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:27 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:27 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:28 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:29 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:30 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:31 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:31 [553] Setting permission of /dev/dvb to 777
2023-01-05 17:52:31 [553] This is to avoid problems if TV Applications are started as another user
2023-01-05 17:52:31 [553] as seen on eg. Synology NAS Systems where tvheadend is unable to read
2023-01-05 17:52:31 [553] /dev/dvb and because of that would not detect the TV tuner
2023-01-05 17:52:31 [553] scanning devices done
2023-01-05 17:52:31 [553] attached devices:
2023-01-05 17:52:31 [554] Autostarting scripts in /etc/sundtek/
2023-01-05 17:52:31 [554] executed all available items


auch du grüne Neune ....wer lesen kann ist klar im vorteil :

sollte das ein problem sein ?
2023-01-05 17:52:31 [553] Setting permission of /dev/dvb to 777
2023-01-05 17:52:31 [553] This is to avoid problems if TV Applications are started as another user
2023-01-05 17:52:31 [553] as seen on eg. Synology NAS Systems where tvheadend is unable to read
2023-01-05 17:52:31 [553] /dev/dvb and because of that would not detect the TV tuner

aber warum macht dann die Art des Starts einen Unterschied .......

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #21 am: Januar 05, 2023, 07:55:12 Nachmittag »
hier der Rest:

2023-01-05 17:52:31 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:31 [553] Setting permission of /dev/dvb to 777
2023-01-05 17:52:31 [553] This is to avoid problems if TV Applications are started as another user
2023-01-05 17:52:31 [553] as seen on eg. Synology NAS Systems where tvheadend is unable to read
2023-01-05 17:52:31 [553] /dev/dvb and because of that would not detect the TV tuner
2023-01-05 17:52:31 [553] scanning devices done
2023-01-05 17:52:31 [553] attached devices:
2023-01-05 17:52:31 [554] Autostarting scripts in /etc/sundtek/
2023-01-05 17:52:31 [554] executed all available items
2023-01-05 17:52:38 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:39 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:40 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:41 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/002)
2023-01-05 17:52:42 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:42 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:43 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:44 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:45 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/005)
2023-01-05 17:52:46 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:46 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:47 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:48 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:49 [553] device not ready, sleeping 3 seconds and retrying (/dev/bus/usb/001/003)
2023-01-05 17:52:50 [553] skipping unknown busy device, check dmesg maybe a module is interfering (eg. usbhid)
2023-01-05 17:52:50 [553] registering ID: 0
2023-01-05 17:52:51 [553] Memory mapped transfers are not available
2023-01-05 17:52:51 [553] Board config found: Sundtek SkyTV Dual 8 (eLight)
2023-01-05 17:52:51 [553] This board provides 2 frontends
2023-01-05 17:52:51 [553]
2023-01-05 17:52:51 [553] *********
2023-01-05 17:52:51 [553] Signature: Sundtek
2023-01-05 17:52:51 [553] Initializing SYSV-IPC
2023-01-05 17:52:51 [553] Allocation using pg for type 65678
2023-01-05 17:52:52 [553] demodulator successfully attached (DVB_S/S2)!
2023-01-05 17:52:52 [553] attaching second tuner...
2023-01-05 17:52:52 [553] Allocation using pg for type 65678
2023-01-05 17:52:54 [553] demodulator successfully attached (DVB_S/S2)!
2023-01-05 17:52:54 [553] Configuring Dual LNB Power Supply
2023-01-05 17:52:54 [553] Vertical Polarisation is set to 14.00 Volt
2023-01-05 17:52:54 [553] Horizontal Polarisation is set to 19.10 Volt
2023-01-05 17:52:54 [553] Enabling LNB status monitor
2023-01-05 17:52:54 [554] trying to load uinput module
2023-01-05 17:52:54 [554] loading uinput kernel extention failed, remote control will not work with lirc
2023-01-05 17:52:54 [553] No remote control support available
2023-01-05 17:52:54 [553] Initializing Remote Control Support (interrupt)
2023-01-05 17:52:54 [553] Unable to create /dev/mediainput0 (1/Operation not permitted)
2023-01-05 17:52:54 [553] registered virtual: /dev/mediainput0
2023-01-05 17:52:54 [553] /dev/dvb/adapter0 exists, but not accessible by everyone,
2023-01-05 17:52:54 [553]    fixing that by setting it to 777
2023-01-05 17:52:54 [553] Unable to create /dev/dvb/adapter0/frontend0 (17/File exists)
2023-01-05 17:52:54 [553] Unable to create /dev/dvb/adapter0/demux0 (17/File exists)
2023-01-05 17:52:54 [553] Unable to create /dev/dvb/adapter0/dvr0 (17/File exists)
2023-01-05 17:52:54 [553] registering: adapter0/0
2023-01-05 17:52:54 [553] registered virtual: /dev/dvb/adapter0/frontend0
2023-01-05 17:52:54 [553] registered virtual: /dev/dvb/adapter0/demux0
2023-01-05 17:52:54 [553] registered virtual: /dev/dvb/adapter0/dvr0
2023-01-05 17:52:54 [553] /dev/dvb/adapter1 exists, but not accessible by everyone,
2023-01-05 17:52:54 [553]    fixing that by setting it to 777
2023-01-05 17:52:54 [553] Unable to create /dev/dvb/adapter1/frontend0 (17/File exists)
2023-01-05 17:52:54 [553] Unable to create /dev/dvb/adapter1/demux0 (17/File exists)
2023-01-05 17:52:54 [553] Unable to create /dev/dvb/adapter1/dvr0 (17/File exists)
2023-01-05 17:52:54 [553] registering: adapter1/0
2023-01-05 17:52:54 [553] registered virtual: /dev/dvb/adapter1/frontend0
2023-01-05 17:52:54 [553] registered virtual: /dev/dvb/adapter1/demux0
2023-01-05 17:52:54 [553] registered virtual: /dev/dvb/adapter1/dvr0
2023-01-05 17:52:54 [553] Driver loaded within 3263 milliseconds
2023-01-05 17:52:57 [553] Initial devicescan done, switching detection mode
2023-01-05 17:53:09 [553] [FE0] . o ( Enabling Standby ) o .
2023-01-05 17:53:09 [553] [FE0] Set Voltage off
2023-01-05 17:53:09 [553] [FE1] . o ( Enabling Standby ) o .
2023-01-05 17:53:09 [553] [FE1] Set Voltage off

Sundtek

  • Administrator
  • Hero Member
  • *****
  • Beiträge: 8387
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #22 am: Januar 05, 2023, 07:56:40 Nachmittag »
lxc.cgroup2.devices.allow = c 212:* rwm
lxc.cgroup2.devices.allow = c 250:* rwm
lxc.cgroup2.devices.allow = c 189:* rwm
lxc.mount.entry = /dev/dvb dev/dvb none bind,optional,create=dir
lxc.mount.entry = /dev/bus/usb dev/bus/usb none bind,optional,create=dir
lxc.mount.entry = /srv/tvheadend srv none bind,optional,create=dir

hast Du diese Settings irgendwo festgelegt?

Soweit ich dass das letzte mal gemacht habe, habe ich sicher keine existierenden dvb Nodes vom Host im LXC Container übernommen.

Der Treiber muss als root gestartet werden (damit er Zugriff auf IPC und Shared Memory bekommt - normale User können üblicherweise keine Shared Memory Segmente anlegen - sie können aber darauf zugreifen).
« Letzte Änderung: Januar 05, 2023, 08:06:21 Nachmittag von Sundtek »
Failure is a good thing! I'll fix it

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #23 am: Januar 05, 2023, 09:05:14 Nachmittag »
wofür die cgroup 250 ? die habe ich nirgendwo gesehen bisher und es rennt auch so ...

ich setzte /dev/dvb und /dev/sundtek auf dem host hiermit auf:

root@odroidh2:~# cat sundtek.sh
#!/bin/bash

mkdir -p /dev/dvb/adapter0
mknod /dev/dvb/adapter0/frontend0 c 212 1
mknod /dev/dvb/adapter0/dvr0 c 212 5
mknod /dev/dvb/adapter0/demux0 c 212 3
mkdir -p /dev/dvb/adapter1
mknod /dev/dvb/adapter1/frontend0 c 212 7
mknod /dev/dvb/adapter1/dvr0 c 212 11
mknod /dev/dvb/adapter1/demux0 c 212 9
mkdir -p /dev/dvb/adapter2
mknod /dev/dvb/adapter2/frontend0 c 212 13
mknod /dev/dvb/adapter2/dvr0 c 212 17
mknod /dev/dvb/adapter2/demux0 c 212 15

mkdir -p /dev/sundtek
chmod 777 /dev/sundtek
chmod 777 /dev/bus/usb/001/004
root@odroidh2:~#

ggf kann man die unterverzeichnisse weglassen, trotzdem motzt mediasrv das es diese nicht anlegen kann und dann sind die doch da
kannst du mir noch sagen woher mediasrv gestartet wird ich finde das zum verrecken nicht

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #24 am: Januar 05, 2023, 09:06:23 Nachmittag »
root@odroidh2:/home/simon/.local/share/lxc/tvh# cat config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --keyserver hkp://keyserver.ubuntu.com:80
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64

# Container specific configuration
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_nesting = 1
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/home/simon/.local/share/lxc/tvh/rootfs
lxc.uts.name = tvh

# automatically start containers on boot
lxc.start.auto = 1
#lxc.start.delay = 5
#lxc.start.order = 1

# Network configuration
#lxc.net.0.type = empty
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br-iot
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:18:3e:12:34:56

#sundtek DVB
lxc.cgroup2.devices.allow = c 212:* rwm
lxc.cgroup2.devices.allow = c 189:* rwm
#lxc.cgroup2.devices.allow = c 250:* rwm

lxc.mount.entry = /dev/sundtek dev/sundtek none bind,optional,create=dir
lxc.mount.entry = /dev/dvb dev/dvb none bind,optional,create=dir
#lxc.mount.entry = /dev/bus/usb dev/bus/usb none bind,optional,create=dir
lxc.mount.entry = /dev/bus/usb/001/004 dev/bus/usb/001/004 none bind,optional,create=file

lxc.mount.entry = /mnt/tosh3gb-a/tvh_record home/tvh/records none bind 0 0
root@odroidh2:/home/simon/.local/share/lxc/tvh#

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #25 am: Januar 06, 2023, 12:22:56 Nachmittag »
Also hier mein Setup was funktioniert (und deutlich anders ist als die Anleitung).

1. unpriviligierten LXC container mit debian bullseye anlegen
2. Auf dem Host die /dev/dvb /dev/sundtek einträge anlegen mit folgendem Skript, bei jedem boot vorgang:

#!/bin/bash

mkdir -p /dev/dvb/adapter0
mknod /dev/dvb/adapter0/frontend0 c 212 1
mknod /dev/dvb/adapter0/dvr0 c 212 5
mknod /dev/dvb/adapter0/demux0 c 212 3
mkdir -p /dev/dvb/adapter1
mknod /dev/dvb/adapter1/frontend0 c 212 7
mknod /dev/dvb/adapter1/dvr0 c 212 11
mknod /dev/dvb/adapter1/demux0 c 212 9
mkdir -p /dev/dvb/adapter2
mknod /dev/dvb/adapter2/frontend0 c 212 13
mknod /dev/dvb/adapter2/dvr0 c 212 17
mknod /dev/dvb/adapter2/demux0 c 212 15

mkdir -p /dev/sundtek
chmod 777 /dev/sundtek
chmod 777 /dev/bus/usb/001/004

3. auf dem LXC container die sundtek_netinst.sh ausführen
4. das automatische ausführen von dem sundtek service per systemd deaktivieren ! ( wir brauchen andere parameter und starten mediasrv manuell )
systemctl disable sundtek   ( ist in /lib/systemd/system/sundtek.service
5. wie auch immer (systemd oder cron) mediasrv mit folgenden parameters beim booten ausführen:
/opt/bin/mediasrv --wait-for-devices --no-nodes
-> no nodes verhindert das mediasrv versucht die dev nodes auf dem host selbst anzulegen
6. auf keinen fall tvheadend direkt starten , ich warte 60s bevor tvheadend gestartet wird sonst gibts ärger mit der DVB device erkennung. ich nutze auch ein selbst kompiliertes , nicht per make install installiertes  ( also wurde vom installer auch nicht das tvheadend.bin frisiert )

#!/bin/bash

/bin/sleep 60
export LD_PRELOAD=/opt/lib/libmediaclient.so
/home/tvh/tvheadend/build.linux/tvheadend -S -C -p /run/tvheadend.pid -u tvh -g video

kann auch wieder per cronjob beim boot gemacht werden


--> ich bin mit dem setup so nicht zufrieden weil zB das Zusammenspiel (oder das Problem) von mediasrv und tvheadend nicht geklärt ist. auch ist nicht geklärt warum das anlegen der devicenodes ärger macht, selbst wenn chown / chmod alles aufmacht.


hier für die vollständigkeit noch meine container config:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --keyserver hkp://keyserver.ubuntu.com:80
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64

# Container specific configuration
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_nesting = 1
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/home/simon/.local/share/lxc/tvh/rootfs
lxc.uts.name = tvh

# automatically start containers on boot
lxc.start.auto = 1
#lxc.start.delay = 5
#lxc.start.order = 1

# Network configuration
#lxc.net.0.type = empty
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br-iot
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:18:3e:12:34:56

#sundtek DVB
lxc.cgroup2.devices.allow = c 212:* rwm
lxc.cgroup2.devices.allow = c 189:* rwm
#lxc.cgroup2.devices.allow = c 189:3 rwm
#lxc.cgroup2.devices.allow = c 250:* rwm

lxc.mount.entry = /dev/sundtek dev/sundtek none bind,optional,create=dir
lxc.mount.entry = /dev/dvb dev/dvb none bind,optional,create=dir
lxc.mount.entry = /dev/bus/usb dev/bus/usb none bind,optional,create=dir
#lxc.mount.entry = /dev/bus/usb/001/004 dev/bus/usb/001/004 none bind,optional,create=file

lxc.mount.entry = /mnt/tosh3gb-a/tvh_record home/tvh/records none bind 0 0


ich würde dsa gerne mit dem Sundtek support weiter bearbeiten und die offenen Punkte abgrasen, s.o.

Simon78

  • Newbie
  • *
  • Beiträge: 18
    • Profil anzeigen
Re: SkyTv Ultimate Dual + LXC unpriviliged
« Antwort #26 am: Januar 10, 2023, 10:13:07 Vormittag »
Hallo,

mit welchen Rechten bzw cgroups muss die Struktur unter /dev/sundtek ausgestattet werden ? Mir ist nicht ganz klar welche major minor nummern verwendet werden müssen.

Ich habe noch mehr Hinweise gefunden das mknod mit unpriviligierten LXC Containern nicht geht , da die CAP_MKNOD berechtigung fehlt:
https://lists.linuxcontainers.org/pipermail/lxc-users/2017-November/013878.html

MfG