Block Device Passthrough to Docker guest on Proxmox LXC

I run Proxmox on my homelab server, with one of my LXCs running a Docker engine that hosts all of my small workloads.

Recently, I needed to pass through block devices (/dev/sda, etc.) to a Docker container so that I could monitor SMART status (using scrutiny).

Since the docker engine is running on an LXC, this had some small challenges. We can solve them with some clever mapping in two places.

Solution

Part 1: Set up mounts on the proxmox host

Edit the appropriate LXC config file on your Proxmox host, and add a mount point for /dev as the last line of the file:

# vim /etc/pve/lxc/106.conf
mp4: /dev,mp=/mnt/dev

Part 2: Map the block devices back into docker

On our docker guest, we now have the /mnt/dev endpoint with all of our host devices under it.

Note: this is incredibly insecure, and should only be done on completely trusted systems.

We don't want to mount to /dev inside the guest, as that would clobber the existing /dev mounts and cause various problems.

Now, inside our docker compose file, we can add the device mappings back to the expected paths:

# https://github.com/AnalogJ/scrutiny
version: '3.4'
services:
  collector:
    image: 'ghcr.io/analogj/scrutiny:master-collector'
    cap_add:
      - SYS_RAWIO
      - SYS_ADMIN
    volumes:
      - '/run/udev:/run/udev:ro'
    environment:
      COLLECTOR_API_ENDPOINT: 'http://your.endpoint'
    devices:
      - "/mnt/dev/sda:/dev/sda" # map the device back in
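
A check to run inside the LXC guest before starting the stack, as an added example that is not part of the original post: it reads the `devices:` entries of a compose file and reports any mapping that does not point at a single block device under the bind mount, or that lands on a different name inside the container. The function names and the `DEV_ROOT` variable are assumptions; `/mnt/dev` is the mount point used above.

```shell
#!/bin/sh
# Added example (not from the original post): audit compose `devices:` entries
# inside the LXC guest. DEV_ROOT is the bind mount of the host /dev (assumed
# /mnt/dev, as on this page). Function names are hypothetical.
DEV_ROOT="${DEV_ROOT:-/mnt/dev}"

# Print "host container" for every list item under a `devices:` key.
list_device_mappings() {
  awk '
    /^[ \t]*devices:[ \t]*$/ { in_dev = 1; next }
    in_dev && /^[ \t]*-[ \t]/ {
      line = $0
      sub(/[ \t]+#.*$/, "", line)          # strip trailing comment
      sub(/^[ \t]*-[ \t]*/, "", line)      # strip list marker
      gsub("[\"\047]", "", line)           # strip quotes
      if (split(line, p, ":") >= 2) print p[1], p[2]
      next
    }
    in_dev && /^[ \t]*$/ { next }
    { in_dev = 0 }
  ' "$1"
}

# One line per mapping: ok | bad-host-path | path-mismatch | not-block.
# Exit status is non-zero if any mapping is not "ok".
audit_compose_devices() (
  rc=0
  mappings=$(list_device_mappings "$1")
  while read -r host ctr; do
    [ -n "$host" ] || continue
    status=ok
    rel=${host#"$DEV_ROOT"/}
    case "$host" in
      *..*|*/) status=bad-host-path ;;             # traversal or a directory
      "$DEV_ROOT"/?*)
        if [ "/dev/$rel" != "$ctr" ]; then status=path-mismatch
        elif [ ! -b "$host" ]; then status=not-block
        fi ;;
      *) status=bad-host-path ;;                   # not under the bind mount
    esac
    [ "$status" = ok ] || rc=1
    printf '%s %s -> %s\n' "$status" "$host" "$ctr"
  done <<EOF
$mappings
EOF
  exit "$rc"
)

# Usage: sh audit.sh docker-compose.yml
[ "$#" -eq 0 ] || audit_compose_devices "$1"
```

A `not-block` result for a path that should be a disk usually means the node is missing under the bind mount, so the container would not see the drive at all.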