Trying to understand better

[luckylinux]

Hi,

I discovered this Community Project a while ago and I think it's a great Idea !

It's also very sad to learn that the Original Creator passed away. Very sad story 😭.

I'm trying to understand a bit better what this Project is doing/can do.

I'm getting used to play with Containers. I typically use podman rootless either directly on the Host (Proxmox VE, needed if I cannot use PCIe Passthrough due to e.g. IOMMU Groups) or in a KVM Virtual Machine (Fedora typically, so I can use Podman 5.x). And a Typical podmanserver Host of mine includes say 1 to more than 20 Containers Running.

I know that installing podman directly on the Host isn't officially Supported nor Reccomended, but I also know for a Fact (been there, tried that), that doing a "double rootless" podman Setup isn't going to work easily if at all (UID Mappings Issue).

Therefore the possible approaches appear to be:

• LXC Unprivileged + Podman Privileged (Rootfull)
• (Discouraged for Security Reasons) LXC Privileged + Podman Unprivileged (Rootless)

Already when using Unprivileged LXC, UID Mappings are a Nightmare. Let alone when a Container needs to access a PCIe Devices (e.g. Hailo8L Accelerator or AMD GPU for frigate).

So how does this Project (which I assume relies on LXC Unprivileged + Docker Rootfull / with sudo Access) achieve this Functionality ? I assume you do 1 LXC Container per "Application", but how do you really solve this UID Mapping Issue ?

For reference I played a bit with UID Mappings based on some Tutorials I could find on a few Proxmox VE Forums Threads, but I ended up with LXC Containers which refused to start 😕.