1. dragon2611

    dragon2611 Member

    Joined:
    Jul 2, 2010
    Messages:
    48
    Likes Received:
    1
    It seems the default configuration blocks NFS mounts from within the LXC containers

    Although thankfully easy enough to fix.

    On the proxmox host

    add

    mount fstype=nfs,

    to


    /etc/apparmor.d/lxc/lxc-default-with-mounting

    then reload apparmor
    service apparmor reload

    Edit:

    Werid this worked yesterday, but to get it to work again today I had to add that to lxc-default as well.
     
    #1 dragon2611, Oct 3, 2015
    Last edited: Oct 4, 2015
  2. hregis

    hregis Member

    Joined:
    Feb 11, 2011
    Messages:
    37
    Likes Received:
    0
    thank you a lot !! :p
     
  3. lince

    lince Member

    Joined:
    Apr 10, 2015
    Messages:
    78
    Likes Received:
    3
    I can confirm this for proxmox 4.1.

    I tried adding mount fstype=nfs in lxc-default-with-mounting and it doesn't work.

    Adding the same config in lxc-default works like a charm.

    Is this a bug ? is the file with-mounting not being included ?
     
    bizzarrone likes this.
  4. Andrei ZeeGiant

    Andrei ZeeGiant New Member

    Joined:
    May 17, 2017
    Messages:
    7
    Likes Received:
    0
    Worked fine for me on Proxmox 4.4 in `/etc/apparmor.d/lxc/lxc-default-with-mounting` using:

    mount fstype=nfs*,
     
  5. gsupp

    gsupp Member

    Joined:
    Jun 27, 2017
    Messages:
    38
    Likes Received:
    14
    For mounting NFS file systems and running nfs-server from within a LXC container on Proxmox 5:

    Code:
    sed -i '$ i\  mount fstype=nfs,\n  mount fstype=nfs4,\n  mount fstype=nfsd,\n  mount fstype=rpc_pipefs,' /etc/apparmor.d/lxc/lxc-default-cgns && systemctl reload apparmor
     
    Ladegro, si458, Ricky88 and 1 other person like this.
  6. upnort

    upnort Member
    Proxmox VE Subscriber

    Joined:
    Apr 26, 2018
    Messages:
    67
    Likes Received:
    3
    Thanks for the info!

    I need to support NFS in an LXC container. What are the security implications of creating this apparmor profile?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice