LXC apparmor denied

S

Serge M

New Member
Proxmox Subscriber
Apr 8, 2016
8
0
1
Bordeaux
Hi,
I just updated to Proxmox VE 5.2-11 (from 5.2-8).
Everything was normal before, for a long time.
Several of my containers are mounting NFS directories.
After reboot mounting failed with the following message :
mount.nfs: access denied by server while mounting 10.8.2.2:/directory
and the logs say :
audit: type=1400 audit(1543500331.583:14): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/directory" pid=23134 comm="mount.nfs" fstype="nfs" srcname="10.8.42.2:/directory"
I can't fix this issue searching the forum…
Can somebody help me ?
Thanks for your attention
 
The above shows a generated profile (`lxc.apparmor.profile = generated`, the new default when no custom apparmor profile is found in /etc/pve/lxc/$vmid.conf) which means that you either had the profile previously configured in /var/lib/lxc/$vmid/config manually and started with `lxc-start`, or something else was going on.
In any case, with an up-to-date pve you should be able to just tick the 'NFS' checkbox in the 'Features' field of the container's 'Options' in the ui, or run `pct set $vmid --features mount=nfs`.
 
Hi Serge,
Unfortunately "edit" in my options is gray, I can't enable NFS. It's fresh containter without manual modification.
Today I upgraded to 5.3 but on 5.2 was the same.

Thanks
 

Attachments

  • Spectacle.T13817.png
    Spectacle.T13817.png
    40.6 KB · Views: 45
Only root can change feature flags.
 
That explain everything, thanks. This is really nice feature, I just wait to add edit access even for admins.
 
You must log in or register to reply here.
Top Bottom