Hi there,
So I'm switching my VMs to Containers (as containers seem to be the better choice at the moment).
However, one of my containers needs to mount a CIFS share (I know NFS is probably the better choice, but it's just for a Plex Media Server).
However, AppArmor denied mounting (which took me a while to figure out on its own).
So, I edited the file
Code:
/etc/apparmor.d/lxc/lxc-default-with-mounting
and added
Code:
mount fstype=cifs,
And, of course, reloaded the lxc configs with
Code:
apparmor_parser -r /etc/apparmor.d/lxc-containers
Then I told the container to use profile
Code:
lxc-default-with-mounting
by adding the following line to my container's config:
Code:
lxc.aa_profile: lxc-default-with-mounting
And now the container won't start at all...
Code:
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
TASK ERROR: command 'lxc-start -n 106' failed: exit code 1
This is the config file for the container:
Code:
arch: amd64
cpulimit: 1
cpuunits: 1024
hostname: plexyglass
memory: 512
net0: bridge=vmbr0,hwaddr=36:34:63:36:61:35,ip=dhcp,ip6=dhcp,name=eth0,type=veth
ostype: debian
rootfs: NAS:106/vm-106-disk-1.raw,size=10G
swap: 1024
lxc.aa_profile: lxc-default-with-mounting
and the AppArmor profile:
Code:
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # allow standard blockdevtypes.
  # The concern here is in-kernel superblock parsers bringing down the
  # host with bad data. However, we continue to disallow proc, sys, securityfs,
  # etc to nonstandard locations.
  mount fstype=ext*,
  mount fstype=xfs,
  mount fstype=btrfs,
  mount fstype=cifs,
}
Anybody who has a clue on how to fix it?
Cheers
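
An added example, not part of the original post: AppArmor identifies a profile by the name in its `profile` statement rather than by file name, and the config above asks for `lxc-default-with-mounting` while the profile shown declares `lxc-container-default-with-mounting`. This Python check compares the two names; the sample strings are constructed from the post's snippets and the function names are illustrative.

```python
import difflib
import re

# Constructed sample input: the relevant lines of the two snippets quoted in the post.
CONTAINER_CONF = """\
arch: amd64
hostname: plexyglass
lxc.aa_profile: lxc-default-with-mounting
"""
PROFILE_SOURCE = """\
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers
profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  mount fstype=ext*,
  mount fstype=cifs,
}
"""

# "profile NAME ... {" opens a named profile; NAME is what a config must reference.
PROFILE_DECL = re.compile(r'^[ \t]*profile[ \t]+"?([^"\s{]+)"?', re.M)
# lxc.aa_profile is the key used in the post; lxc.apparmor.profile is its newer LXC name.
AA_KEY = re.compile(r'^[ \t]*lxc\.(?:aa_profile|apparmor\.profile)[ \t]*[:=][ \t]*(\S+)', re.M)


def declared_profiles(source):
    """Names declared by 'profile' statements in AppArmor policy text."""
    return set(PROFILE_DECL.findall(source))


def referenced_profile(conf):
    """Profile name the container config asks for, or None if no key is set."""
    match = AA_KEY.search(conf)
    return match.group(1) if match else None


def check(conf, source):
    """Return (ok, message) for a container config / policy text pair."""
    wanted = referenced_profile(conf)
    declared = declared_profiles(source)
    if wanted is None:
        return True, "no profile key set"
    if wanted == "unconfined" or wanted in declared:
        return True, f"{wanted} resolves"
    near = difflib.get_close_matches(wanted, sorted(declared), n=1)
    hint = f"; closest declared name: {near[0]}" if near else ""
    return False, f"{wanted} is not declared{hint}"


if __name__ == "__main__":
    print(check(CONTAINER_CONF, PROFILE_SOURCE))
```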