LXC NFS PVE 4.2-60 (running kernel: 4.4.15-1-pve)

Hello everyone, after updating my Proxmox to version 4.2-60 (running kernel: 4.4.15-1-pve) my LXC containers no longer mount NFS shares. Currently I use the NFS mount by adding fstype=nfs in the /etc/apparmor.d/lxc/lxc-default-with-mounting and /etc/apparmor.d/lxc/lxc-default files.
The error that the LXC container displays when trying to mount the NFS share: mount-nfs: access denied by server while mounting
 
have you rebooted your host after updating to the new kernel?
 
I'm using [mount fstype=cifs] and [mount fstype=nfs] in custom apparmor profile and mounting nfs from fstab - everything working ok on 4.4.15-1
 
only [mount fstype=nfs] is needed. This looks like nfs server side error - look maybe there.
 
Zima, when I change to another server (Proxmox pve-manager: 4.2-2 (running version: 4.2-2/725d76f0), pve-kernel-3.19.8-1-pve: 3.19.8-3), NFS within the fstab of my container works correctly. For this reason I believe that this is a BUG, as yesterday I updated my servers and today this problem appeared. Thanks for listening.
 
Zima, I discovered the problem. I ran the following command (cat /var/log/messages | grep audit) and found the following error [Aug 9 17:49:15 server kernel: [64087.571679] audit: type=1400 audit(1470775755.523:62): apparmor="DENIED" operation="mount" info="failed match type" error=-13 profile="lxc-container-default-cgns" name="/run/rpc_pipefs/" pid=3078 comm="mount" fstype="rpc_pipefs" srcname="sunrpc" flags="ro"]. I added [mount fstype=nfs] to the lxc-container-default-cgns file and it worked.
Good that your server did not present the same mistake!
Thank you.
 
log from container without specified apparmor profile (no lxc.aa_profile: in container conf). I upgraded proxmox at 18:00 today

Aug 9 06:26:29 dreadnought kernel: [1548710.957186] audit: type=1400 audit(1470716789.218:485): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=56160 comm="mount" flags="ro, remount, relatime"

in new version we see:
Aug 9 23:17:03 dreadnought kernel: [10334.313232] audit: type=1400 audit(1470777423.458:44): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=8603 comm="mount" flags="ro, remount, relatime"

It looks like the last update changed the default apparmor profile from lxc-container-default to lxc-container-default-cgns. You wrote that you have the nfs option in lxc-container-default but nfs stopped working, and in your logs we see the change of the profile name.

Why my nfs wasn't affected: because I have my additional profile and an option in the container config overriding the default profile:
lxc.aa_profile: lxc-container-default-cifs-nfs
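
Added example, not part of the thread and not Proxmox's own tooling: a Python script that parses the AppArmor audit records quoted above and counts mount denials issued under a profile other than the ones that were edited, which is the mismatch this thread turned on. The names in `EDITED_PROFILES` are an assumption about which profiles the two files named in the first post define.

```python
import re
from collections import Counter

# Sample input: the three audit records quoted in the thread.
SAMPLE_LOG = """\
Aug 9 17:49:15 server kernel: [64087.571679] audit: type=1400 audit(1470775755.523:62): apparmor="DENIED" operation="mount" info="failed match type" error=-13 profile="lxc-container-default-cgns" name="/run/rpc_pipefs/" pid=3078 comm="mount" fstype="rpc_pipefs" srcname="sunrpc" flags="ro"
Aug 9 06:26:29 dreadnought kernel: [1548710.957186] audit: type=1400 audit(1470716789.218:485): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=56160 comm="mount" flags="ro, remount, relatime"
Aug 9 23:17:03 dreadnought kernel: [10334.313232] audit: type=1400 audit(1470777423.458:44): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=8603 comm="mount" flags="ro, remount, relatime"
"""

# Assumption: profile names defined by the two files edited in the first post.
EDITED_PROFILES = {"lxc-container-default", "lxc-container-default-with-mounting"}

# key=value or key="quoted value with spaces"
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Return one dict of fields per AppArmor DENIED mount record."""
    denials = []
    for line in text.splitlines():
        fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
        if (fields.get("type") == "1400"
                and fields.get("apparmor") == "DENIED"
                and fields.get("operation") == "mount"):
            denials.append(fields)
    return denials


def unmatched_profiles(denials, edited_profiles):
    """Count denials per enforcing profile that is not among the edited ones."""
    return Counter(d["profile"] for d in denials
                   if d.get("profile") not in edited_profiles)


if __name__ == "__main__":
    records = parse_denials(SAMPLE_LOG)
    for d in records:
        print(d.get("profile"), d.get("fstype", "-"), d.get("name"), d.get("info"))
    for profile, count in unmatched_profiles(records, EDITED_PROFILES).items():
        print(f"{count} mount denial(s) under unedited profile: {profile}")
```

On a host, pass the output of the grep command from the thread to `parse_denials` in place of `SAMPLE_LOG`.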
 
