LXC apparmor denied

Apr 8, 2016
8
0
1
Bordeaux
Hi,
I just updated to Proxmox VE 5.2-11 (from 5.2-8).
Everything was normal before, for a long time.
Several of my containers are mounting NFS directories.
After reboot mounting failed with the following message :
mount.nfs: access denied by server while mounting 10.8.2.2:/directory
and the logs say :
audit: type=1400 audit(1543500331.583:14): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/directory" pid=23134 comm="mount.nfs" fstype="nfs" srcname="10.8.42.2:/directory"
I can't fix this issue searching the forum…
Can somebody help me ?
Thanks for your attention
 

wbumiller

Proxmox Staff Member
Staff member
Jun 23, 2015
645
84
28
The above shows a generated profile (`lxc.apparmor.profile = generated`, the new default when no custom apparmor profile is found in /etc/pve/lxc/$vmid.conf) which means that you either had the profile previously configured in /var/lib/lxc/$vmid/config manually and started with `lxc-start`, or something else was going on.
In any case, with an up-to-date pve you should be able to just tick the 'NFS' checkbox in the 'Features' field of the container's 'Options' in the ui, or run `pct set $vmid --features mount=nfs`.
 

Karpiu

New Member
Sep 26, 2016
8
0
1
35
Poland
I don't have NFS checkbox in containers Options I had to add this by pct set .... Is it normal?
 
Apr 8, 2016
8
0
1
Bordeaux
Hi Karpiu,
Just select your container in the list.
Choose “Options” and then at the end “Features”.
In the panel then, when you ”Edit”, you can enable NFS.

Best,
Serge
 

Karpiu

New Member
Sep 26, 2016
8
0
1
35
Poland
Hi Serge,
Unfortunately "edit" in my options is gray, I can't enable NFS. It's fresh containter without manual modification.
Today I upgraded to 5.3 but on 5.2 was the same.

Thanks
 

Attachments

wbumiller

Proxmox Staff Member
Staff member
Jun 23, 2015
645
84
28
Only root can change feature flags.
 

Karpiu

New Member
Sep 26, 2016
8
0
1
35
Poland
That explain everything, thanks. This is really nice feature, I just wait to add edit access even for admins.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!