[SOLVED] lxc.aa_profile is deprecated and was renamed to lxc.apparmor.profile

[Rob Loan]

I have a container with an AppArmor profile containing mount fstype=cifs, and included the profile in
/etc/pve/lxc/<ID>.conf as

lxc.aa_profile: lxc-container-default-with-cifs

when I start the container in pve 5.1 I get:

lxc.aa_profile is deprecated and was renamed to lxc.apparmor.profile

so I changed lxc.aa_profile to lxc.apparmor.profile and the container failed to start. I do see a new process in aa-status when I start the container, so it sort of looks like its trying to work.

How do I mount a cifs vol in a pve 5.1 container ?

Rob

 

[ca_maer]

We had the same error and changing it to lxc.apparmor.profile fixed our issue. Here are our settings so you can compare.

/etc/apparmor.d/lxc/lxc-default-with-cifs

# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-with-cifs flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts.  If it does, it
  # will remount the host's devpts.  We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,
  mount fstype=cifs,
  mount fstype=rpc_pipefs,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}

Parse the profiles

apparmor_parser -r /etc/apparmor.d/lxc-containers

Change the container config

lxc.apparmor.profile: lxc-container-default-with-cifs

 

[Rob Loan]

Thanks for your lxc.apparmor.profile, all I have is "mount fstype=cifs," and it worked when I added a mount option of vers=1.0

for google:

No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.