[SOLVED] Lxc unprivileged - mount from /etc/fstab file

[michaelj]

Hi Community,

I don't know if it's possible but I'm trying to add an nfs mountpoint in my container via the /etc/fstab file.

This one is not mounted when starting the container, if I run manually /bin/mount -a, I have the following error: mount.nfs: Operation not permitted

Host server logs :

Jul 22 17:46:02 audit [8063]: AVC apparmor = "DENIED" operation = "mount" info = "failed flags match" error = -13 profile = "/ usr / bin / lxc-start" name = " / proc / sys / kernel / random / boot_id "pid = 8063 comm =" lxc-start "srcname =" / dev / .lxc-boot-id "flags =" rw, bind "
Jul 22 17:46:02 kernel: audit: type = 1400 audit (1595432762.687: 227): apparmor = "DENIED" operation = "mount" info = "failed flags match" error = -13 profile = "/ usr / bin / lxc-start "name =" / proc / sys / kernel / random / boot_id "pid = 8063 comm =" lxc-start "srcname =" / dev / .lxc-boot-id "flags =" rw, bind "

I know i can mount the nfs through the host server but that's not what i want.

/etc/fstab file :

x.x.x.x:/zpool-xxxx/folder /folder nfs rw 0 0

This is my lxc config file :

arch: amd64
cpulimit: 4
cpuunits: 1024
features: nesting=1
hostname: xxx
memory: 3096
mp0: /apps/scripts,mp=/apps/scripts
mp1: /share,mp=/share
nameserver: 172.xxx
net0: name=eth3,bridge=vmbr2,hwaddr=A2:A9:02:9E:B7:65,ip=172.25.2.7/16,type=veth
onboot: 1
ostype: debian
rootfs: zfs-storage:subvol-523-disk-1,size=23G
searchdomain: xx
swap: 256
unprivileged: 1
lxc.prlimit.nofile: 65536

I specify that without the unprivileged mode, the mountpoint works.

Regards.

 

[Stoiko Ivanov]

AFAIR NFS is not user-namespace aware - and hence does not work inside unprivileged containers.

 

[michaelj]

Hi Stoiko,

Thanks for your answer, so the only solution is to mount through the host ?

Regards.

 

[Stoiko Ivanov]

Thanks for your answer, so the only solution is to mount through the host ?

or use a privileged container with the NFS-feature enabled

 

[adrian_vg]

or use a privileged container with the NFS-feature enabled

Got the privileged container thing sorted, but can't see anything anywhere about enabling NFS-feature.
Where do I find that?

Thanks.

 

[adrian_vg]

Never mind, found it!
Attaching a screen dump for other people who get lost like me in the GUI.

The fstab-mounting worked like a charm BTW upon reboot.
Thanks for setting me on the right track @Stoiko Ivanov !