[Lxc-users] [LXC] loop module in ubuntu template

Sujay M sujay.m17 at gmail.com
Thu Jan 10 17:10:23 UTC 2013


Hi Tamas,

Thanks for your reply,

>>Please do not crosspost.
Sorry Tamas, I'm new to lxc, I won't repeat it again. I tried a lot to find
the solution elsewhere, but it was of no use.

>>In the container config:
>>
>>lxc.aa_profile = lxc-container-default--with-loops
>># loop
>>lxc.cgroup.devices.allow = b 7:* rwm
>>lxc.cgroup.devices.allow = c 10:237 rwm
Should I create a new container with this property in the config file, or will
it work if I change it and start the container with the new config file?

>>apparmor:
>>
>>$ cat /etc/apparmor.d/lxc/lxc-default--with-loops
>># Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
>># will source all profiles under /etc/apparmor.d/lxc
>>
>>profile lxc-container-default--with-loops flags=(attach_disconnected,mediate_deleted) {
>>
>>[.... something default, can be inherited, check Quantal configuration ....]
>>
>>  # custom
>>   mount fstype=iso9660 -> /mnt/**,
>>}

I don't have any file called lxc-default--with-loops. I just have the file
below. Should I add
# custom
mount fstype=iso9660 -> /mnt/**,
in this file only? Should I change ** to anything, or should it be **?


root@ubuntu:/etc/apparmor.d/lxc# ls
lxc-default
root@ubuntu:/etc/apparmor.d/lxc# cat lxc-default
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  network,
  capability,
  file,
  umount,

  # ignore DENIED message on / remount
  deny mount options=(ro, remount) -> /,

  # allow tmpfs mounts everywhere
  mount fstype=tmpfs,

  # allow mqueue mounts everywhere
  mount fstype=mqueue,

  # allow fuse mounts everywhere
  mount fstype=fuse.*,

  # the container may never be allowed to mount devpts.  If it does, it
  # will remount the host's devpts.  We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,

  # allow bind mount of /lib/init/fstab for lxcguest
  mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/,

  # deny writes in /proc/sys/fs but allow fusectl to be mounted
  mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
  deny @{PROC}/sys/fs/** wklx,

  # block some other dangerous paths
  deny @{PROC}/sysrq-trigger rwklx,
  deny @{PROC}/mem rwklx,
  deny @{PROC}/kmem rwklx,
  deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx,
  deny @{PROC}/sys/kernel/*/** wklx,

  # deny writes in /sys except for /sys/fs/cgroup, also allow
  # fusectl, securityfs and debugfs to be mounted there (read-only)
  mount fstype=fusectl -> /sys/fs/fuse/connections/,
  mount fstype=securityfs -> /sys/kernel/security/,
  mount fstype=debugfs -> /sys/kernel/debug/,
  deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
  mount fstype=proc -> /proc/,
  mount fstype=sysfs -> /sys/,
  deny /sys/[^f]*/** wklx,
  deny /sys/f[^s]*/** wklx,
  deny /sys/fs/[^c]*/** wklx,
  deny /sys/fs/c[^g]*/** wklx,
  deny /sys/fs/cg[^r]*/** wklx,
}


On 10 January 2013 22:16, Papp Tamas <tompos at martos.bme.hu> wrote:

> On 01/10/2013 05:36 PM, Sujay M wrote:
> > Hi all,
> >
> > I have created a container vm0 using the ubuntu template. I want to use /mnt/sdb1/ as loopback
> > storage. So if I try to mount it, I'm getting
> >
> > root@vm0:~# mount /mnt/sdb1/
> > mount: Could not find any loop device. Maybe this kernel does not know
> >         about the loop device? (If so, recompile or `modprobe loop'.)
> >
> > root@vm0:~# modprobe loop
> > FATAL: Could not load /lib/modules/3.2.0-23-generic/modules.dep: No such file or directory
> >
> > How can I overcome this problem? Please help. Thanks in advance.
>
>
> Please do not crosspost.
>
>
> In the container config:
>
> lxc.aa_profile = lxc-container-default--with-loops
> # loop
> lxc.cgroup.devices.allow = b 7:* rwm
> lxc.cgroup.devices.allow = c 10:237 rwm
>
>
> apparmor:
>
> $ cat /etc/apparmor.d/lxc/lxc-default--with-loops
> # Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
> # will source all profiles under /etc/apparmor.d/lxc
>
> profile lxc-container-default--with-loops flags=(attach_disconnected,mediate_deleted) {
>
> [.... something default, can be inherited, check Quantal configuration ....]
>
>
>    # custom
>    mount fstype=iso9660 -> /mnt/**,
> }
>
>
>
> tamas
>
>



-- 
Best Regards,

Sujay M
Final year B.Tech
Computer Engineering
NITK Surathkal

contact: +918971897571
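
Added example, not part of the original message or of LXC's own tooling: one way to build the lxc-container-default--with-loops profile named in the quoted reply from the stock lxc-default text, leaving the stock profile unmodified. The function names derive_profile and sample_default and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. derive_profile NEW_NAME RULE reads an
# AppArmor profile on stdin, renames it to NEW_NAME, and inserts RULE before
# the last closing brace. Exits non-zero if no closing brace is found.
derive_profile() {
    awk -v name="$1" -v rule="$2" '
        /^profile[ \t]/ { $2 = name }          # rename on the header line only
        { line[NR] = $0 }
        /^}[ \t]*$/     { close_at = NR }      # remember the last "}" line
        END {
            if (!close_at) exit 1
            for (i = 1; i <= NR; i++) {
                if (i == close_at) { print "  # custom"; print "  " rule }
                print line[i]
            }
        }'
}

# Constructed sample: a trimmed copy of the lxc-default text quoted above.
sample_default() {
    cat <<'EOF'
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  network,
  capability,
  file,
  umount,
  mount fstype=tmpfs,
  deny mount fstype=devpts,
}
EOF
}

# Print the derived profile for the sample input.
sample_default | derive_profile lxc-container-default--with-loops \
    'mount fstype=iso9660 -> /mnt/**,'

# On a host (paths as named in the thread; apparmor_parser -r reloads them):
#   derive_profile lxc-container-default--with-loops 'mount fstype=iso9660 -> /mnt/**,' \
#       < /etc/apparmor.d/lxc/lxc-default > /etc/apparmor.d/lxc/lxc-default--with-loops
#   apparmor_parser -r /etc/apparmor.d/lxc-containers
```

In an AppArmor path glob, ** also matches "/", so the rule as written covers mount points at any depth below /mnt/.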