Thank you for the response.

Yes, these capabilities are necessary in order to run dpdk-testpmd inside a container. However, they are not sufficient.

I tried again with a 6.8 kernel and the Nvidia tools/libraries suite: "doca-host_3.1.0-091000-25.07-ubuntu2404_amd64.deb".

The log is more informative this time: "mlx5_common: DevX create TIS failed errno=121 status=0x3 syndrome=0x6a6678".

Do you have any idea how to investigate this issue, especially regarding "status" and "syndrome"?

On Mon, Aug 25, 2025 at 2:24 PM David Marchand <david.marchand@redhat.com> wrote:

On Mon, 25 Aug 2025 at 14:09, Julien <julien.marcin.tech@gmail.com> wrote:
>
> Hello,
> I have a question about using the mlx5 driver with LXC.
> I'm trying to use dpdk-testpmd in an LXC container whose root user isn't mapped to the host's root user.
> Note: The entire physical interface is given to the LXC container, not a virtual interface.
>
> The following error occured:
> mlx5_common: DevX create TIS failed errno=22 status=0 syndrome=0
> mlx5_net: Failed to create TIS 0/0 for [bonding] device mlx5_2.
> mlx5_net: TIS allocation failure
> mlx5_net: probe of PCI device 0000:27:00.0 aborted after encountering an error: Cannot allocate memory
> mlx5_common: Failed to load driver mlx5_eth
> EAL: Requested device 0000:27:00.0 cannot be used
> EAL: Bus (pci) probe failed.
>
> The "transport_domain" is created, and the mlx5_devx_cmd_create_td() function runs normally.
> The call to mlx5dv_devx_obj_create() receives an errno of 22.
>
> I don't encounter any problems when the container's root user is mapped to the host's root user.
> Has anyone experienced this before?
> Is it possible to use the driver in an unprivileged LXC container?

There is probably something missing in terms of capabilities.
I don't know how LXC behaves in this regard.

I suggest you look at "5.5.1.5. Run as Non-Root" in
https://doc.dpdk.org/guides/platform/mlx5.html.

--
David Marchand