[SOLVED] Mounting NFS in LXC not working since latest update

Discussion in 'Proxmox VE: Installation and configuration' started by karnz, Oct 10, 2018.

  1. karnz

    karnz Member

    Joined:
    Nov 23, 2015
    Messages:
    34
    Likes Received:
    0
    I just updated PVE kernel,container to the latest version last night, then NFS mounting in LXC not working anymore.

    Package updated
    I was used the way adding below code to /etc/apparmor.d/lxc/lxc-default-cgns and it works for long time ago but after updated, it's not working.

    Log shows different than previous version.

    PVE Version

    I tried to add the same code from lxc-default-cgns to
    /var/lib/lxc/116/apparmor/lxc-116_<-var-lib-lxc> but still not working too.

    Anyway possible to mount NFS in LXC again?
     
  2. karnz

    karnz Member

    Joined:
    Nov 23, 2015
    Messages:
    34
    Likes Received:
    0
    Fixed.

    It has to add profile "lxc.apparmor.profile: lxc-container-default-cgns" to each LXC ID config file.
     
  3. Dwain

    Dwain New Member

    Joined:
    Jul 13, 2018
    Messages:
    6
    Likes Received:
    3
    Hi Karnz,

    I'm trying to follow what you did but I don't get it.
    You said to add profile "lxc.apparmor.profile: lxc-container-default-cgns" to each LXC ID config file.

    Do you mean to go to /var/lib/lxc/<conatiner number> container and edit the config file by adding this to the end of the config file
    lxc.apparmor.profile: lxc-container-default-cgns or is there something I'm missing?

    I'm experiencing this same issue after a kernel update. I'm on versioin 5.2-9

    Thanks,
    Dwain
     
  4. karnz

    karnz Member

    Joined:
    Nov 23, 2015
    Messages:
    34
    Likes Received:
    0
    Yes, add it to the end of config file, but config directory is /etc/pve/lxc/
     
  5. Dwain

    Dwain New Member

    Joined:
    Jul 13, 2018
    Messages:
    6
    Likes Received:
    3
    Hi Karnz,

    That worked. I added the configuration to all my lxc's that needs it restarted the container to the config can be loaded and my nfs mounts are now mounted.

    Many thanks to you!
    Dwain
     
    karnz likes this.
  6. Dwain

    Dwain New Member

    Joined:
    Jul 13, 2018
    Messages:
    6
    Likes Received:
    3
    Update Nov 1st 2018:
    During my monthly server maintenance, I ran into this error again and found a similar solution.

    Instead of adding the below and entry into each lxc container to allow NFS mounting due to apparmor security:
    /etc/pve/lxc/<lxcname>.conf
    lxc.apparmor.profile: lxc-container-default-cgns


    The right config is to enable the nesting features into each lxc container. I replaced all my entries with the below and I'm able to mount NFS again:
    /etc/pve/lxc/<lxcname>.conf
    features: nesting=1

    Reference link to this:
    https://forum.proxmox.com/threads/lxc-security-nesting.44726/#post-224873
     
    Jens Kl and madralphw like this.
  7. karnz

    karnz Member

    Joined:
    Nov 23, 2015
    Messages:
    34
    Likes Received:
    0
    Thanks for update. I tried to add "features: nesting=1" to my LXC config and it works for me too :)
     
  8. madralphw

    madralphw New Member

    Joined:
    Dec 3, 2014
    Messages:
    5
    Likes Received:
    0
    Perfect!! Thanks ;-)
     
  9. CharlesErickT

    CharlesErickT Member

    Joined:
    Mar 15, 2017
    Messages:
    52
    Likes Received:
    5
    Now you can just enable NFS/CIFS mounting from the webui under Options-Feature instead of enabling nesting
     
  10. lagomorph42

    lagomorph42 New Member

    Joined:
    Mar 6, 2017
    Messages:
    1
    Likes Received:
    0
    Enabling this option worked for me.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice