From ba178bef5ee6af467668a4cdd52a3eceed73177a Mon Sep 17 00:00:00 2001
From: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 28 Jul 2025 09:01:53 +0200
Subject: [PATCH] validate render and video group

---
 misc/build.func | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/misc/build.func b/misc/build.func
index ad84ec15..0b56a247 100644
--- a/misc/build.func
+++ b/misc/build.func
@@ -1218,16 +1218,24 @@ EOF
     done
     [[ -e /dev/fb0 ]] && VAAPI_DEVICES+=("/dev/fb0")
 
+    # Dynamically resolve group IDs
+    GID_VIDEO=$(getent group video | cut -d: -f3)
+    GID_RENDER=$(getent group render | cut -d: -f3)
+    [[ -z "$GID_VIDEO" ]] && GID_VIDEO=44 && msg_warn "'video' group not found, falling back to GID 44"
+    [[ -z "$GID_RENDER" ]] && GID_RENDER=104 && msg_warn "'render' group not found, falling back to GID 104"
+
     if [[ "${#VAAPI_DEVICES[@]}" -eq 0 ]]; then
       :
     elif [[ "${#VAAPI_DEVICES[@]}" -eq 1 && "$CT_TYPE" == "0" ]]; then
       # Privileged + 1 device → silent passthrough
       device="${VAAPI_DEVICES[0]}"
-      major_minor=$(stat -c '%t:%T' "$device" | awk -F: '{ printf "%d:%d", "0x"$1, "0x"$2 }')
-      echo "lxc.cgroup2.devices.allow: c $major_minor rwm" >>"$LXC_CONFIG"
-      echo "lxc.mount.entry: $device $device none bind,optional,create=file" >>"$LXC_CONFIG"
+      if ! major_minor=$(stat -c '%t:%T' "$device" 2>/dev/null | awk -F: '{ printf "%d:%d", "0x"$1, "0x"$2 }'); then
+        msg_warn "Could not stat $device – skipping passthrough."
+      else
+        echo "lxc.cgroup2.devices.allow: c $major_minor rwm" >>"$LXC_CONFIG"
+        echo "lxc.mount.entry: $device $device none bind,optional,create=file" >>"$LXC_CONFIG"
+      fi
     else
-      # Display info message
       whiptail --title "VAAPI passthrough" --msgbox "\
 VAAPI passthrough has been enabled for this container.
 
@@ -1250,12 +1258,14 @@ You will now be prompted to select which VAAPI devices should be passed through.
         for dev in $SELECTED_DEVICES; do
           dev=$(sed 's/"//g' <<<"$dev")
           if [[ "$CT_TYPE" == "0" ]]; then
-            major_minor=$(stat -c '%t:%T' "$dev" | awk -F: '{ printf "%d:%d", "0x"$1, "0x"$2 }')
+            if ! major_minor=$(stat -c '%t:%T' "$dev" 2>/dev/null | awk -F: '{ printf "%d:%d", "0x"$1, "0x"$2 }'); then
+              msg_warn "Could not stat $dev – skipping."
+              continue
+            fi
             echo "lxc.cgroup2.devices.allow: c $major_minor rwm" >>"$LXC_CONFIG"
             echo "lxc.mount.entry: $dev $dev none bind,optional,create=file" >>"$LXC_CONFIG"
           else
-            # Unprivileged: use devX: with proper GID
-            GID=$([[ "$dev" =~ render ]] && echo "104" || echo "44")
+            GID=$([[ "$dev" =~ render ]] && echo "$GID_RENDER" || echo "$GID_VIDEO")
             echo "dev${IDX}: $dev,gid=${GID}" >>"$LXC_CONFIG"
             IDX=$((IDX + 1))
           fi