Mount a block device like HDD inside an LXC container (specifically in proxmox 4)

lxc_mount_block_device

Mounting block device in lxc (specifically Proxmox 4)

1. Find devices' major & minor ID (need both dev + partition for HDD)
# ls -al /dev/sda
brw-rw---- 1 root disk 8, 0 Dec 19 11:16 /dev/sda1
# ls -al /dev/sda1
brw-rw---- 1 root disk 8, 1 Dec 19 11:16 /dev/sda1

That's 8,0 for sda and 8,1 for sda1

2. add the following to container conf file: (see man pct.conf, /etc/pve/lxc for proxmox)

lxc.aa_profile = lxc-container-default-with-mounting
lxc.cgroup.devices.allow = b 8:0 rwm
lxc.cgroup.devices.allow = b 8:1 rwm

3. Make sure apparmor will allow your configuration
in /etc/apparmor.d/lxc/lxc-container-default-with-mounting
 ...
 mount options=(rw, bind),
 mount fstype=[desired fstype], (e.g. ext4, ext*, nfs, btrfs etc.)
 ...

Reload apparmor:
/etc/init.d/apparmor reload

4. You need to make a node in the container to see the device (do in container)
# mknod -m 666 /dev/sda b 8 0
# mknod -m 666 /dev/sda1 b 8 1

But that isn't persistent;
So create /var/lib/lxc/${VMID}/mount-hook.sh (on the host)
Add the commands to the script:

#!/bin/sh
mknod -m 777 ${LXC_ROOTFS_MOUNT}/dev/sda b 8 0
mknod -m 777 ${LXC_ROOTFS_MOUNT}/dev/sda1 b 8 1

Make executable! (chmod +x)
Then extend the container conf file with the script to autorun:

lxc.autodev: 1
lxc.hook.autodev: /var/lib/lxc/${VMID}/mount-hook.sh

According to this, lxc.aa_profile is deprecated and was renamed to lxc.apparmor.profile:
https://forum.proxmox.com/threads/lxc-aa_profile-is-deprecated-and-was-renamed-to-lxc-apparmor-profile.38505/

Why is the mknod in the container 666 and the mknod on the host hook 777?

Is there anyway to do this by UUID?