nfs-server inside LXC

MasterTH

Renowned Member
Jun 12, 2009
239
7
83
www.sonog.de
Hi,

i couldn't find a solution for running a nfs-server inside a lxc-container. (proxmox4.1)
Is there a workaround?

kind regards
MasterTH
 
Hi,

i couldn't find a solution for running a nfs-server inside a lxc-container. (proxmox4.1)
Is there a workaround?

kind regards
MasterTH
Hi,
where is the problem? I had an openvz nfs server at home, which I converted to lxc via backup/restore.

Work...
Code:
root@fileserver:~# dpkg -l | grep nfs
ii  libnfsidmap2  0.23-2  An nfs idmapping library
ii  nfs-common  1:1.2.2-4squeeze2  NFS support files common to client and server
ii  nfs-kernel-server  1:1.2.2-4squeeze2  support for NFS kernel server
root@fileserver:~# df -h
Filesystem  Size  Used Avail Use% Mounted on
/dev/loop0  2.0T  1.8T  79G  96% /
none  100K  0  100K  0% /dev
cgroup  12K  0  12K  0% /sys/fs/cgroup
tmpfs  3.9G  0  3.9G  0% /sys/fs/cgroup/cgmanager
tmpfs  3.9G  0  3.9G  0% /lib/init/rw
tmpfs  3.9G  0  3.9G  0% /dev/shm
The config looks not special
Code:
root@pve1:/etc/pve/lxc# more 100.conf
arch: i386
cpulimit: 1
cpuunits: 1024
hostname: fileserver.domain.de
memory: 768
net0: bridge=vmbr0,hwaddr=32:66:35:33:34:38,ip=dhcp,name=eth0,type=veth
onboot: 1
ostype: debian
rootfs: pve_local:100/vm-100-disk-1.raw,size=2T
swap: 1280
lxc.aa_profile: unconfined

Udo
 
lxc.aa_profile: unconfined
That is special.

The usual NFS daemon on linux uses a kernel side implementation and thus a regular LXC container cannot use it (and this is unlikely to change, ever).
The only way to allow it is to either create a special AppArmor profile with all the required privileges or disable AppArmor like the above poster.
This however pretty much disables security measures and so I strongly recommend to NOT run any untrusted services or users in the same container. It is then merely a fancy-looking chroot environment combined with our storage subsystem.