[Lxc-users] LXC, AppArmor, NFS, and Ubuntu 12.04
Stéphane Graber
stgraber at ubuntu.com
Thu Aug 2 17:38:25 UTC 2012
On 08/02/2012 11:59 AM, Nathan Fisher wrote:
> Hi,
>
> Previously using Ubuntu 11.10, upgraded to 12.04. Under 12.04, NFS
> shares no longer function due to AppArmor constraints on the mount command.
>
> What is the prescribed best practise to mount NFS shares within a Guest
> that will minimise maintenance with future Ubuntu updates for 12.04?
>
> I see three options at the moment;
>
> 1) Mount within the host.
That might not work because of the different mount namespaces.
> 2) Modify the AppArmor profile for lxc-containers (will this evolve
> within 12.04 LTS?)
That's certainly an option and we might be doing it by default as I
don't think nfs is really dangerous to mount.
> 3) Disable AppArmor.
That's obviously a pretty bad idea :)
4) Add the line to /var/lib/lxc/<container>/fstab instead of /etc/fstab
This will get lxc to mount it for you when creating the container. At
that point of the process, the apparmor profile shouldn't prevent it
from happening (though I haven't tested it).
> Are there any other options that I've missed? Option 2 is the most
> desirable as it means the guest is self-contained and *somewhat*
> transportable between a cluster of hosts.
>
> Thanks!
>
> Nathan
> w: http://junctionbox.ca/
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20120802/bc4c0ee9/attachment.pgp>
More information about the lxc-users
mailing list