[lxc-users] NFS mounts and unprivileged containers

Fajar A. Nugraha list at fajar.net
Fri Dec 4 04:13:57 UTC 2015


On Fri, Dec 4, 2015 at 4:07 AM, Matthew Green <mephi at mephi.co.uk> wrote:

> I'm in the process of moving away from ESXi VMs and over to containers (as
> everything was all on Ubuntu) and I've hit a bit of a problem.
>
> I decided that I'd look to go for unprivileged containers for the extra
> security but a couple of my containers require NFS mounts and I just can't
> get them to work.
>
> I've changed the apparmor settings to allow NFS mounts, and it works fine
> with privileged containers, but nothing I try will make the unprivileged
> containers mount an NFS export.
>
> Can anyone provide a definitive statement on whether this is just a
> limitation of unprivileged containers? Or am I doing something wrong?
>
>

I believe all mounts in unpriv containers need to happen on the host.

Can you mount your NFS share on the host, and use lxc.mount.entry to make
it available to the container? Of course, you need to deal with uid
differences as well (root in the container is not uid 0 on the host).

-- 
Fajar
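
The uid difference mentioned in the reply above, as an added example that is not part of the original message: it parses the id map lines of a container config and translates ids in both directions, which shows which host uid must own files on the host-mounted NFS share for a container user to own them. The config text, the 100000/65536 range and the paths /srv/nfs/data and mnt/data are constructed assumptions.

```python
import re

# Constructed sample config (assumed values). lxc.id_map is the LXC 1.x key;
# later releases spell it lxc.idmap, so the parser accepts both.
SAMPLE_CONFIG = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.mount.entry = /srv/nfs/data mnt/data none bind,create=dir 0 0
"""

OVERFLOW_ID = 65534  # kernel default id shown for ids that have no mapping

_MAP_RE = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_id_maps(config_text):
    """Return {'u': [(container_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in config_text.splitlines():
        m = _MAP_RE.match(line)
        if m:
            maps[m.group(1)].append(tuple(int(x) for x in m.group(2, 3, 4)))
    return maps


def to_host(maps, kind, container_id):
    """Host id a container id really runs as, or None if it is unmapped."""
    for cstart, hstart, count in maps[kind]:
        if cstart <= container_id < cstart + count:
            return hstart + (container_id - cstart)
    return None


def to_container(maps, kind, host_id):
    """Id the container sees on a file owned by host_id on the host mount."""
    for cstart, hstart, count in maps[kind]:
        if hstart <= host_id < hstart + count:
            return cstart + (host_id - hstart)
    return OVERFLOW_ID  # appears as nobody/nogroup inside the container


if __name__ == "__main__":
    maps = parse_id_maps(SAMPLE_CONFIG)
    print("container root runs as host uid", to_host(maps, "u", 0))
    print("container uid 1000 needs files owned by host uid", to_host(maps, "u", 1000))
    print("file owned by host uid 1000 shows in container as", to_container(maps, "u", 1000))
```

With this sample map, a file the NFS export presents as uid 1000 on the host appears as 65534 inside the container; it has to be owned by 101000 on the host side for the container's uid 1000 to own it.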