nfs-server inside LXC

[MasterTH]

Hi,

i couldn't find a solution for running a nfs-server inside a lxc-container. (proxmox4.1)
Is there a workaround?

kind regards
MasterTH

 

[MasterTH]

little push

 

[udo]

Hi,

i couldn't find a solution for running a nfs-server inside a lxc-container. (proxmox4.1)
Is there a workaround?

kind regards
MasterTH

Hi,
where is the problem? I had an openvz nfs server at home, which I converted to lxc via backup/restore.

Work...

root@fileserver:~# dpkg -l | grep nfs
ii  libnfsidmap2  0.23-2  An nfs idmapping library
ii  nfs-common  1:1.2.2-4squeeze2  NFS support files common to client and server
ii  nfs-kernel-server  1:1.2.2-4squeeze2  support for NFS kernel server
root@fileserver:~# df -h
Filesystem  Size  Used Avail Use% Mounted on
/dev/loop0  2.0T  1.8T  79G  96% /
none  100K  0  100K  0% /dev
cgroup  12K  0  12K  0% /sys/fs/cgroup
tmpfs  3.9G  0  3.9G  0% /sys/fs/cgroup/cgmanager
tmpfs  3.9G  0  3.9G  0% /lib/init/rw
tmpfs  3.9G  0  3.9G  0% /dev/shm

The config looks not special

root@pve1:/etc/pve/lxc# more 100.conf
arch: i386
cpulimit: 1
cpuunits: 1024
hostname: fileserver.domain.de
memory: 768
net0: bridge=vmbr0,hwaddr=32:66:35:33:34:38,ip=dhcp,name=eth0,type=veth
onboot: 1
ostype: debian
rootfs: pve_local:100/vm-100-disk-1.raw,size=2T
swap: 1280
lxc.aa_profile: unconfined

Udo

 

[wbumiller]

lxc.aa_profile: unconfined

That is special.

The usual NFS daemon on linux uses a kernel side implementation and thus a regular LXC container cannot use it (and this is unlikely to change, ever).
The only way to allow it is to either create a special AppArmor profile with all the required privileges or disable AppArmor like the above poster.
This however pretty much disables security measures and so I strongly recommend to NOT run any untrusted services or users in the same container. It is then merely a fancy-looking chroot environment combined with our storage subsystem.