Hi
I want to use nfs inside lxc and i don't want to use a profile. but apply it to all my lxc as default
and i don't know what is the default apparmor use with proxmox.
I add this to lxc-default and lxc-default-cgns :
mount fstype=nfsd,
mount fstype=nfs*,
But still not working.
when i use a profile like :
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-nfsd flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/lxc/container-base>
# the container may never be allowed to mount devpts. If it does, it
# will remount the host's devpts. We could allow it to do it with
# the newinstance option (but, right now, we don't).
deny mount fstype=devpts,
mount fstype=nfsd,
mount fstype=nfs,
mount fstype=rpc_pipefs,
mount fstype=cgroup -> /sys/fs/cgroup/**,
}
it's work.
Can't you help me ?
Best regards
I want to use nfs inside lxc and i don't want to use a profile. but apply it to all my lxc as default
and i don't know what is the default apparmor use with proxmox.
I add this to lxc-default and lxc-default-cgns :
mount fstype=nfsd,
mount fstype=nfs*,
But still not working.
when i use a profile like :
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-nfsd flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/lxc/container-base>
# the container may never be allowed to mount devpts. If it does, it
# will remount the host's devpts. We could allow it to do it with
# the newinstance option (but, right now, we don't).
deny mount fstype=devpts,
mount fstype=nfsd,
mount fstype=nfs,
mount fstype=rpc_pipefs,
mount fstype=cgroup -> /sys/fs/cgroup/**,
}
it's work.
Can't you help me ?
Best regards