Hi, i couldn't find a solution for running a nfs-server inside a lxc-container. (proxmox4.1) Is there a workaround? kind regards MasterTH
Hi, where is the problem? I had an openvz nfs server at home, which I converted to lxc via backup/restore. Work... Code: root@fileserver:~# dpkg -l | grep nfs ii libnfsidmap2 0.23-2 An nfs idmapping library ii nfs-common 1:1.2.2-4squeeze2 NFS support files common to client and server ii nfs-kernel-server 1:1.2.2-4squeeze2 support for NFS kernel server root@fileserver:~# df -h Filesystem Size Used Avail Use% Mounted on /dev/loop0 2.0T 1.8T 79G 96% / none 100K 0 100K 0% /dev cgroup 12K 0 12K 0% /sys/fs/cgroup tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup/cgmanager tmpfs 3.9G 0 3.9G 0% /lib/init/rw tmpfs 3.9G 0 3.9G 0% /dev/shm The config looks not special Code: root@pve1:/etc/pve/lxc# more 100.conf arch: i386 cpulimit: 1 cpuunits: 1024 hostname: fileserver.domain.de memory: 768 net0: bridge=vmbr0,hwaddr=32:66:35:33:34:38,ip=dhcp,name=eth0,type=veth onboot: 1 ostype: debian rootfs: pve_local:100/vm-100-disk-1.raw,size=2T swap: 1280 lxc.aa_profile: unconfined Udo
That is special. The usual NFS daemon on linux uses a kernel side implementation and thus a regular LXC container cannot use it (and this is unlikely to change, ever). The only way to allow it is to either create a special AppArmor profile with all the required privileges or disable AppArmor like the above poster. This however pretty much disables security measures and so I strongly recommend to NOT run any untrusted services or users in the same container. It is then merely a fancy-looking chroot environment combined with our storage subsystem.
