is it possible to access the contents of an ISO from inside an LXC container?

jvsteenb

New Member
Oct 26, 2015
12
0
1
Hello all,

First of all: what a great product ! Just upgraded to PVE 4.0 a couple of days ago, and I think it really rocks!

Still, I'm experiencing some problems, most likely caused by my lack of knowledge - hope anyone can help out.

I'm trying to setup a PXE server from inside a container. It's a standard Ubuntu 15.04 amd64 container.
It would be very helpful to be able to mount an ISO from inside the container. The ISO is already inside the container, but I don't seem to have the permission to mount it.
"failed to setup loop device: Operation not permitted"

Is there a way to circumvent this?

Thanks in advance for any help !

Regards,

Job
 
Is there a way to circumvent this?

I have a patch here which would allow to mount the iso from the host. Then you can do:

# pct set <VMID> --mp0 local:iso/debian-testing-amd64-netinst.iso,mp=/mnt/test

would that help?
 
Well yes, that would certainly help. But am I correct in assuming that the ISO would have to be made available outside the container, instead of inside ?

Regards,

Job
 
Ideally, I would like to be able to mount an ISO from inside the container, but that doesn't seem possible?

Regards,

Job
 
Ideally, I would like to be able to mount an ISO from inside the container, but that doesn't seem possible?

mount is disabled by default with apparmor. But you can run the container with different apparmor profile by adding:

lxc.aa_profile: lxc-default-with-mounting
 
Ah. That would be just what I need, I guess. But could you enlighten me about which file I have to modify for that? My linux expertise is more or less non-existent and I tried to find out for myself, but failed, I'm afraid.

By the way: sorry for not reacting sooner - my DSL connection crashed.
And suddenly staying silent might seem somewhat rude, since you've been reacting so swiftly. So apologies for that.

Regards,

Job
 
Is there something else I need to do besides adding " lxc.aa_profile: lxc-default-with-mounting " to the .conf file and stopping and starting the container?
I tried that, and the container starts without any error in the gui, only to remain stopped as a result.
It took a while before I could access the console on the PVE host as well, maybe related?

Am I missing something?

Regards,

Job
 
sorry, the profile is called 'lxc-container-default-with-mounting', so you need to add:

lxc.aa_profile: lxc-container-default-with-mounting
 
but wait, this just allows ext*,xfs and btrfs, so this will not work for loop mounted iso file. Also, accessing loop device is considered dangerous inside containers, so this will not work at all.
 
Ah, OK. Well, that's too bad. So try for the patch to make the ISO available outside the container then?

Regards,

Job
 
Thanks, that looks like it should do the trick - and sorry to bother you again, but can I simply do an apt-get update or something? Please excuse my inorance...

Regards,

Job
 
Thanks, that looks like it should do the trick - and sorry to bother you again, but can I simply do an apt-get update or something? Please excuse my inorance...

Currently not. You need toö wait until we upload it to the official repository.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!