Tuesday, May 21, 2019

Enabling NFS sharing (mount bind) for mounting NFS shares into LXC container

If you are running Proxmox 5.x and try to mount an NFS share in your LXC container, you may encounter permission denied issues, such as:
May 21 12:42:31 e7 systemd[1]: Failed to start PVE LXC Container: 164.


This issue is caused by the security permissions enforced by AppArmor. We just need to reconfigure it so that it supports NFS shares.

This article describes how to overcome this permission issue.

STEP 1 - COPY APPARMOR CONFIGURATION (on Proxmox Host)

cd /etc/apparmor.d/lxc
cp lxc-default-cgns lxc-container-default-with-nfs
nano lxc-container-default-with-nfs

In the file, change the profile name lxc-container-default-cgns to lxc-container-default-with-nfs.

Add the following lines right before the } (closing curly brace)

  mount fstype=nfs*,
  mount fstype=rpc_pipefs,


STEP 2 - RELOAD APPARMOR

systemctl reload apparmor



The above 2 steps will fix the AppArmor permission issues.
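
The two steps above in scripted form, as an added example that is not part of the original post. The function names and the embedded sample profile are made up for illustration; the sample is a constructed stand-in for the stock file so the edit can be dry-run on a copy first.

```shell
#!/bin/sh
# Added example (not from the original post): scripted form of steps 1 and 2.
OLD_NAME=lxc-container-default-cgns
NEW_NAME=lxc-container-default-with-nfs

# Constructed stand-in for the stock profile, used only for a dry run.
sample_profile() {
    cat <<'EOF'
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  deny mount fstype=devpts,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}
EOF
}

# make_nfs_profile SRC DST: copy SRC to DST, rename the profile and insert the
# two mount rules before the last closing brace. SRC is never modified.
make_nfs_profile() {
    src=$1; dst=$2
    grep -Eq "^profile ${OLD_NAME}[[:space:]]" "$src" ||
        { echo "profile ${OLD_NAME} not found in $src" >&2; return 1; }
    last=$(grep -n '^[[:space:]]*}[[:space:]]*$' "$src" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || { echo "no closing brace in $src" >&2; return 1; }
    awk -v last="$last" -v old="$OLD_NAME" -v new="$NEW_NAME" '
        /^profile / { sub(old, new) }
        NR == last  { print "  mount fstype=nfs*,"; print "  mount fstype=rpc_pipefs," }
        { print }
    ' "$src" > "$dst.tmp" && mv "$dst.tmp" "$dst"
}

# container_uses_profile CONF: succeed only if the container config selects
# the new profile (the lxc.apparmor.profile line from the sample config).
container_uses_profile() {
    grep -Eq "^lxc\.apparmor\.profile:[[:space:]]*${NEW_NAME}[[:space:]]*\$" "$1"
}

# On the Proxmox host (as root), after a dry run on a copy:
#   cd /etc/apparmor.d/lxc
#   make_nfs_profile lxc-default-cgns lxc-container-default-with-nfs
#   systemctl reload apparmor
```

Because the rules live in a separate profile, only containers whose configuration names lxc-container-default-with-nfs gain the extra mount permissions; all others keep the stock profile.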

Next, you may want to know how to bind mount your NFS share into your LXC container; see the next article, "How to mount NFS share to Proxmox LXC container".



SAMPLE OF MY LXC CONFIGURATION FILE:


arch: amd64
cores: 4
hostname: blahblah
memory: 8192
nameserver: 10.0.0.1 8.8.8.8 4.4.4.4
net0: name=eth0,bridge=vmbr0,gw=10.0.0.1,hwaddr=_______________,ip=10.0.110.42/16,type=veth
ostype: ubuntu
rootfs: local_md0:164/vm-164-disk-1.raw,size=64G
searchdomain: localhost
swap: 8192
lxc.apparmor.profile: lxc-container-default-with-nfs
mp0: /mnt/pve/vepublicb1/tf/data_shared,mp=/data_shared
