nfs-server inside LXC

Discussion in 'Proxmox VE: Installation and configuration' started by MasterTH, Jan 25, 2016.

  1. MasterTH

    MasterTH Member

    Joined:
    Jun 12, 2009
    Messages:
    184
    Likes Received:
    3
    Hi,

    i couldn't find a solution for running a nfs-server inside a lxc-container. (proxmox4.1)
    Is there a workaround?

    kind regards
    MasterTH
     
  2. MasterTH

    MasterTH Member

    Joined:
    Jun 12, 2009
    Messages:
    184
    Likes Received:
    3
    little push
     
  3. udo

    udo Well-Known Member
    Proxmox VE Subscriber

    Joined:
    Apr 22, 2009
    Messages:
    5,736
    Likes Received:
    150
    Hi,
    where is the problem? I had an openvz nfs server at home, which I converted to lxc via backup/restore.

    Work...
    Code:
    root@fileserver:~# dpkg -l | grep nfs
    ii  libnfsidmap2  0.23-2  An nfs idmapping library
    ii  nfs-common  1:1.2.2-4squeeze2  NFS support files common to client and server
    ii  nfs-kernel-server  1:1.2.2-4squeeze2  support for NFS kernel server
    root@fileserver:~# df -h
    Filesystem  Size  Used Avail Use% Mounted on
    /dev/loop0  2.0T  1.8T  79G  96% /
    none  100K  0  100K  0% /dev
    cgroup  12K  0  12K  0% /sys/fs/cgroup
    tmpfs  3.9G  0  3.9G  0% /sys/fs/cgroup/cgmanager
    tmpfs  3.9G  0  3.9G  0% /lib/init/rw
    tmpfs  3.9G  0  3.9G  0% /dev/shm
    
    The config looks not special
    Code:
    root@pve1:/etc/pve/lxc# more 100.conf
    arch: i386
    cpulimit: 1
    cpuunits: 1024
    hostname: fileserver.domain.de
    memory: 768
    net0: bridge=vmbr0,hwaddr=32:66:35:33:34:38,ip=dhcp,name=eth0,type=veth
    onboot: 1
    ostype: debian
    rootfs: pve_local:100/vm-100-disk-1.raw,size=2T
    swap: 1280
    lxc.aa_profile: unconfined
    
    Udo
     
  4. wbumiller

    wbumiller Proxmox Staff Member
    Staff Member

    Joined:
    Jun 23, 2015
    Messages:
    631
    Likes Received:
    73
    That is special.

    The usual NFS daemon on linux uses a kernel side implementation and thus a regular LXC container cannot use it (and this is unlikely to change, ever).
    The only way to allow it is to either create a special AppArmor profile with all the required privileges or disable AppArmor like the above poster.
    This however pretty much disables security measures and so I strongly recommend to NOT run any untrusted services or users in the same container. It is then merely a fancy-looking chroot environment combined with our storage subsystem.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice