<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">I use privileged containers for internal use. They are supposed to have all privileges, but when I did this</div><div class="gmail_default" style="font-size:small">mount -o loop /CentOS-8-x86_64-1905-dvd1.iso /opt<br>mount: /opt: mount failed: Operation not permitted.<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Here is my configuration</div><div class="gmail_default" style="font-size:small">lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0<br>lxc.mount.entry = sysfs sys sysfs defaults 0 0<br>lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir <br><br>lxc.tty.max = 10<br>lxc.pty.max = 1024<br>lxc.cgroup.devices.deny = a<br>lxc.cgroup.devices.allow = c 1:3 rwm<br>lxc.cgroup.devices.allow = c 1:5 rwm<br>lxc.cgroup.devices.allow = c 5:1 rwm<br>lxc.cgroup.devices.allow = c 5:0 rwm<br>lxc.cgroup.devices.allow = c 4:0 rwm<br>lxc.cgroup.devices.allow = c 4:1 rwm<br>lxc.cgroup.devices.allow = c 1:9 rwm<br>lxc.cgroup.devices.allow = c 1:8 rwm<br>lxc.cgroup.devices.allow = c 136:* rwm<br>lxc.cgroup.devices.allow = c 5:2 rwm<br>lxc.cgroup.devices.allow = c 254:0 rwm<br>lxc.cgroup.devices.allow = c 10:137 rwm # loop-control<br>lxc.cgroup.devices.allow = b 7:* rwm # loop*<br>lxc.cgroup.devices.allow = c 10:229 rwm #fuse<br>lxc.hook.autodev = sh -c 'mknod ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229'<br><br>lxc.mount.auto = cgroup:mixed<br>lxc.cap.drop =<br>lxc.uts.name = mysql<br>lxc.autodev = 1<br>lxc.apparmor.profile = unconfined<br>lxc.apparmor.allow_incomplete = 1<br><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
</blockquote></div></div>