<div dir="ltr">Hi Tycho,<div><br></div><div>It is launched from root, so I supposed that my container is privileged. Here is the content of my "/etc/apparmor.d/lxc/lxc-default-with-mounting":</div><div><br></div><div><br></div><div><br></div><div><div> # Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which</div><div> # will source all profiles under /etc/apparmor.d/lxc</div><div> </div><div> profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {</div><div> #include &lt;abstractions/lxc/container-base&gt;</div><div> </div><div> # allow standard blockdevtypes.</div><div> # The concern here is in-kernel superblock parsers bringing down the</div><div> # host with bad data. However, we continue to disallow proc, sys, securityfs,</div><div> # etc to nonstandard locations.</div><div> mount fstype=ext*,</div><div> mount fstype=xfs,</div><div> mount fstype=btrfs,</div><div> }</div></div><div><br></div><div><br></div><div>I tried to add "mount fstype=nfs,", then restart my lxd service and my container, but that did not change anything.</div><div><br></div><div>In fact, I am not able to mount any NFS share:</div><div><br></div><div><br></div><div><div>mount -t nfs nas-0-2:/export/bio /tmp/bio</div><div>mount.nfs: access denied by server while mounting nas-0-2:/export/bio</div></div><div><br></div><div><br></div><div>Although nas-0-2 allows mounts from my client IP.</div><div><br></div><div><br></div><div>:(</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-07-01 21:57 GMT+02:00 Tycho Andersen <span dir="ltr"><<a href="mailto:tycho.andersen@canonical.com" target="_blank">tycho.andersen@canonical.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Jul 01, 2016 at 04:15:57PM +0200, Rémy Dernat wrote:<br>
> Hi,<br>
><br>
> I tried to install basically autofs in the container and mount directories<br>
> with automount, but as a newbie, everything failed ;)<br>
><br>
> automount -f --debug<br>
> automount: test mount forbidden or incorrect kernel protocol version,<br>
> kernel protocol version 5.00 or above required.<br>
><br>
> I know that in OpenVZ, you need to mount the filesystem on the host and<br>
> then use simfs on the container through a container "mount" file.<br>
> Then, I saw problems with LXC here:<br>
> <a href="http://comments.gmane.org/gmane.linux.kernel.containers.lxc.general/894" rel="noreferrer" target="_blank">http://comments.gmane.org/gmane.linux.kernel.containers.lxc.general/894</a><br>
> And after reading <a href="https://github.com/lxc/lxd/issues/714" rel="noreferrer" target="_blank">https://github.com/lxc/lxd/issues/714</a> , I tried:<br>
><br>
> lxc config device add my-container autofs unix-char path=/dev/autofs<br>
><br>
> Now on container side:<br>
> #ls -l /dev/autofs<br>
> crw-rw---- 1 root root 10, 235 Jul 1 14:06 /dev/autofs<br>
><br>
><br>
> However, the issue is still here:<br>
> automount -f --debug<br>
> automount: test mount forbidden or incorrect kernel protocol version,<br>
> kernel protocol version 5.00 or above required.<br>
><br>
> "autofs4" module is loaded in the kernel.<br>
><br>
> I tried to remove/purge autofs and switch to autofs5 package and I have<br>
> also the same error.<br>
<br>
</span>Is the container privileged? Are you in an apparmor mode which allows<br>
mounts? I don't think unprivileged mounting of autofs is allowed, and<br>
our apparmor profiles by default disallow most kinds of mounts.<br>
<span class=""><br>
> The container, like the host, is Ubuntu 16.04.<br>
><br>
> Any help would be useful !<br>
><br>
> Best regards,<br>
> Remy<br>
<br>
</span>> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
</blockquote></div><br></div>
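The following is an added example, not part of the original thread and not LXC/LXD code: a small checker that reads the mount rules of a profile like the one quoted above and reports whether a given filesystem type is covered by an allow rule. It assumes a simplified subset of the AppArmor mount-rule syntax (one rule per line, `fstype=` conditions only, no `{a,b}` alternation) and does not follow `#include` lines; the function names are hypothetical.

```python
import fnmatch
import re

# Constructed copy of the profile quoted in the message (comment lines trimmed).
PROFILE = """\
profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  mount fstype=ext*,
  mount fstype=xfs,
  mount fstype=btrfs,
}
"""

RULE = re.compile(r"(deny\s+)?mount\b(.*),$")
FSTYPE = re.compile(r"\bfstype\s*(?:=|in)\s*(?:\(([^)]*)\)|(\S+))")


def mount_rules(profile_text):
    """Yield (is_deny, fstype_patterns, has_other_conditions) per mount rule."""
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops comments and #include lines
        rule = RULE.fullmatch(line)
        if not rule:
            continue
        body = rule.group(2)
        fs = FSTYPE.search(body)
        raw = (fs.group(1) or fs.group(2) or "") if fs else ""
        patterns = re.findall(r"[^\s,]+", raw)  # [] means "any fstype"
        rest = FSTYPE.sub("", body).strip()     # options=, source, "-> target"
        yield bool(rule.group(1)), patterns, bool(rest)


def fstype_allowed(profile_text, fstype):
    """True if an allow rule names fstype and no fstype-only deny rule matches it."""
    allowed = False
    for is_deny, patterns, qualified in mount_rules(profile_text):
        hit = not patterns or any(fnmatch.fnmatchcase(fstype, p) for p in patterns)
        if is_deny and hit and not qualified:
            return False   # an explicit deny overrides any allow
        if not is_deny and hit:
            allowed = True  # options/path qualifiers are not evaluated here
    return allowed


if __name__ == "__main__":
    for fs_name in ("ext4", "xfs", "nfs"):
        print(fs_name, fstype_allowed(PROFILE, fs_name))
```

The check only reads profile text; what the kernel enforces is the profile that was last loaded, and the file's own header says it is meant to be loaded through /etc/apparmor.d/lxc-containers.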