[lxc-users] NFS mounts and unprivileged containers

Matthew Green mephi at mephi.co.uk
Fri Dec 4 10:56:50 UTC 2015


The host is expected to be the NFS server to start with, but using bind
mounts (I think this is what you're suggesting) gives me concerns about
portability and backups.

On 4 December 2015 at 04:13, Fajar A. Nugraha <list at fajar.net> wrote:

> On Fri, Dec 4, 2015 at 4:07 AM, Matthew Green <mephi at mephi.co.uk> wrote:
>
>> I'm in the process of moving away from ESXi VMs and over to containers
>> (as everything was all on Ubuntu) and I've hit a bit of a problem.
>>
>> I decided that I'd look to go for unprivileged containers for the extra
>> security but a couple of my containers require NFS mounts and I just can't
>> get them to work.
>>
>> I've changed the apparmor settings to allow NFS mounts, and it works fine
>> with privileged containers, but nothing I try will make the unprivileged
>> containers mount an NFS export.
>>
>> Can anyone provide a definitive statement on whether this is just a
>> limitation of unprivileged containers? Or am I doing something wrong?
>>
>>
>
> I believe all mounts in unpriv containers need to happen on the host.
>
> Can you mount your nfs share on the host, and use lxc.mount.entry to make
> it available to the container? Of course, you need to deal with uid
> differences as well (root in container is not uid 0 on the host).
>
> --
> Fajar
>
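
The uid difference mentioned in the quoted reply, worked through as an added example that is not part of the original thread: it parses a container's id map and shows which owner a file on the host-mounted NFS share appears to have inside the container. The id range, the host path /srv/nfs/data and the mount target are assumptions; lxc.id_map is the LXC 1.x key name (later releases call it lxc.idmap).

```python
"""Added illustration: translate ids across an unprivileged container's id map."""

OVERFLOW_ID = 65534  # kernel default, see /proc/sys/kernel/overflowuid

# Constructed sample config; the id range and both paths are assumptions.
SAMPLE_CONFIG = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.mount.entry = /srv/nfs/data mnt/data none bind,create=dir 0 0
"""


def parse_id_map(config, kind="u"):
    """Return [(container_start, host_start, count)] for 'u' or 'g' entries."""
    ranges = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() not in ("lxc.id_map", "lxc.idmap"):
            continue
        fields = value.split()
        if len(fields) != 4:
            raise ValueError("malformed id map entry: %r" % line)
        if fields[0] == kind:
            ranges.append(tuple(int(f) for f in fields[1:]))
    return ranges


def host_to_container(host_id, ranges):
    """Owner a host-side file shows inside the container.

    Ids outside every mapped range show up as the overflow id ("nobody"),
    which the container's root cannot chown or otherwise take over.
    """
    for c_start, h_start, count in ranges:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID


def container_to_host(container_id, ranges):
    """Host id a file needs so that container_id owns it; None if unmapped."""
    for c_start, h_start, count in ranges:
        if c_start <= container_id < c_start + count:
            return h_start + (container_id - c_start)
    return None


if __name__ == "__main__":
    uid_map = parse_id_map(SAMPLE_CONFIG, "u")
    for host_uid in (0, 1000, 100000, 100033):  # constructed file owners
        print(host_uid, "->", host_to_container(host_uid, uid_map))
```

With this map, files on the share owned by ordinary host accounts (or host root) show up as 65534 inside the container, so the export's ownership has to be set to the shifted ids returned by container_to_host.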

