nfs share from lxc

ilia987

Member
Sep 9, 2019
228
9
23
35
under latest proxmox (6.1)
i have some issues to run nfs server

Code:
Feb 11 11:36:32 nfs-intenral systemd[1]: proc-fs-nfsd.mount: Failed to reset devices.list: Operation not permitted
Feb 11 11:36:32 nfs-intenral systemd[1]: Mounting NFSD configuration filesystem...
-- Subject: Unit proc-fs-nfsd.mount has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit proc-fs-nfsd.mount has begun starting up.
Feb 11 11:36:32 nfs-intenral systemd[1]: run-rpc_pipefs.mount: Failed to reset devices.list: Operation not permitted
Feb 11 11:36:32 nfs-intenral systemd[1]: Mounting RPC Pipe File System...
-- Subject: Unit run-rpc_pipefs.mount has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit run-rpc_pipefs.mount has begun starting up.
Feb 11 11:36:32 nfs-intenral mount[367]: mount: only root can use "--types" option (effective UID is 100000)
Feb 11 11:36:32 nfs-intenral systemd[1]: nfs-config.service: Failed to reset devices.list: Operation not permitted
Feb 11 11:36:32 nfs-intenral mount[368]: mount: only root can use "--types" option (effective UID is 100000)
Feb 11 11:36:32 nfs-intenral systemd[1]: Starting Preprocess NFS configuration...
-- Subject: Unit nfs-config.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
...
...
...

lxc.conf file
Code:
arch: amd64
cores: 4
hostname: nfs-intenral
memory: 4096
mp4: /mnt/pve/cephfs-data/data,mp=/mnt/ftd,backup=0,shared=1,replicate=0
net0: name=eth0,bridge=vmbr0,firewall=1 <<deleted >>
ostype: ubuntu
rootfs: ceph-lxc:vm-139-disk-0,size=8G
swap: 0
unprivileged: 0
lxc.apparmor.profile: unconfined
 

Stefan_R

Proxmox Staff Member
Staff member
Jun 4, 2019
1,300
275
88
Vienna
Are you trying to mount an NFS share in a container or export one? The latter is not supported, and for the former you have to add the 'NFS' feature to your container (only available as privileged).

Also, setting your container to be unprivileged but removing all apparmor restrictions seriously hurts security, and I'd recommend against it.
 

lifeboy

Active Member
I know this is a somewhat old ticket, but it was possible to export and NFS share in Proxmox 4.4. Has this been dropped intentionally, or it is just not implimented in the newer version?

Also, NFS provides a simple way to mount a backup location, which then can be used to backup a vm of lxc from another remote proxmox cluster and restore it one the cluster that hosts the NFS guest. There doesn't seem to be an easy way to achieve with without NFS, is there?
 

lifeboy

Active Member
eventually , we managed to make it work: we set some lxc.apparmor settings
I have added the apparmour settings, but it doesn't help.

Code:
# service nfs-server status
* nfs-server.service - NFS server and services
   Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
root@backup:~# service nfs-server start
A dependency job for nfs-server.service failed. See 'journalctl -xe' for details.
root@backup:~# journalctl -xe
-- Subject: Unit nfs-idmapd.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit nfs-idmapd.service has failed.
--
-- The result is RESULT.
Apr 22 09:43:02 backup systemd[1]: nfs-idmapd.service: Job nfs-idmapd.service/start failed with result 'dependency'.
Apr 22 09:43:02 backup systemd[1]: nfs-server.service: Job nfs-server.service/start failed with result 'dependency'.
Apr 22 09:43:02 backup systemd[1]: nfs-mountd.service: Job nfs-mountd.service/start failed with result 'dependency'.
Apr 22 09:43:02 backup mount[416]: mount: /run/rpc_pipefs: permission denied.
Apr 22 09:43:02 backup systemd[1]: run-rpc_pipefs.mount: Mount process exited, code=exited status=32
Apr 22 09:43:02 backup systemd[1]: run-rpc_pipefs.mount: Failed with result 'exit-code'.
Apr 22 09:43:02 backup systemd[1]: Failed to mount RPC Pipe File System.

The config file has:

Code:
# cat /etc/pve/lxc/152.conf
features: fuse=1,nesting=1
arch: amd64
cores: 2
hostname: backup
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.131.254,hwaddr=7E:96:52:8B:01:D6,ip=192.168.131.193/24,type=veth
ostype: ubuntu
rootfs: standard:vm-152-disk-0,mountoptions=noatime,replicate=0,size=500G
swap: 4096
unprivileged: 1
lxc.apparmor.profile: unconfined

Any ideas on what may be wrong?
 
Jan 29, 2019
115
29
33
Last edited:

friendodevil

New Member
Apr 5, 2022
9
0
1
Are you trying to mount an NFS share in a container or export one? The latter is not supported, and for the former you have to add the 'NFS' feature to your container (only available as privileged).

Also, setting your container to be unprivileged but removing all apparmor restrictions seriously hurts security, and I'd recommend against it.

Is exporting a NFS share in a container supported in 7.1-12?
If not, how do you suggest to share storage btw a container running a Ubuntu20.04 and a VM running Ubuntu Desktop?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!