[Lxc-users] lxc, CIFS mounts, MySQL SSL and apparmor
TuxRaiderPen
tuxraiderpen at wpascanner.com
Fri Sep 7 20:15:47 UTC 2012
On Thursday, September 06, 2012 09:25:54 you wrote:
> > [ 2828.314451] type=1400 audit(1346445533.683:25): apparmor="DENIED"
> > operation="mount" info="failed type match" error=-13 parent=5073
> > profile="lxc- container-default" name="/mnt/wxdata/" pid=5074
> > comm="mount.cifs" fstype="cifs" srcname="//192.168.0.10/Share"
> > flags="rw"
>
> I haven't tried this, but it sure looks like this should be fixed with your
> rule.
>
> > Short of turning apparmor off, which is my next step...
>
> Well it's certainly worth trying turning apparmor off (just with
> lxc.aa_profile = unconfined) to make sure it's the problem. The
> network filesystems are still persnickity in containers, and I'm
> not even sure cifs will work at all.
>
> > Any apparmor guru's know how to remove this block ? ? ?
lxc.aa_profile=unconfined
in the container profile, does allow the CIFS/Samba mount to work....
stoping and starting the container DOES NOT allow the mount to work with the
rule change I made.
Any ideas on changes to the rules for apparmor ?
And still *no joy* on the MySQL SSL front, still "DISABLED" which means that
something esle is not enabled or blocking it, as "NO" would mean MySQL didn't
support SSL. So it appears apparmor is not the culprit here as its disabled.
More information about the lxc-users
mailing list