[lxc-users] [lxd] autofs

Rémy Dernat remy.d1 at gmail.com
Mon Jul 4 08:28:12 UTC 2016


Hi Tycho,

It is launched from root, so I supposed that my container is
privileged. Here is the content of my
"/etc/apparmor.d/lxc/lxc-default-with-mounting":



    # Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
    # will source all profiles under /etc/apparmor.d/lxc

    profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
      #include <abstractions/lxc/container-base>

    # allow standard blockdevtypes.
    # The concern here is in-kernel superblock parsers bringing down the
    # host with bad data.  However, we continue to disallow proc, sys, securityfs,
    # etc to nonstandard locations.
      mount fstype=ext*,
      mount fstype=xfs,
      mount fstype=btrfs,
    }


I tried to add "mount fstype=nfs,", then restarted my lxd service and my
container, but that did not change anything.

In fact, I am not able to mount any NFS share:


mount -t nfs nas-0-2:/export/bio /tmp/bio
mount.nfs: access denied by server while mounting nas-0-2:/export/bio


Although nas-0-2 allows mounts from my client IP.


:(




2016-07-01 21:57 GMT+02:00 Tycho Andersen <tycho.andersen at canonical.com>:

> On Fri, Jul 01, 2016 at 04:15:57PM +0200, Rémy Dernat wrote:
> > Hi,
> >
> > I tried to install basically autofs in the container and mount directories
> > with automount, but as a newbie, everything failed ;)
> >
> > automount -f --debug
> > automount: test mount forbidden or incorrect kernel protocol version,
> > kernel protocol version 5.00 or above required.
> >
> > I know that in OpenVZ, you need to mount the filesystem on the host and
> > then use simfs on the container through a container "mount" file.
> > Then, I saw problems with LXC here:
> > http://comments.gmane.org/gmane.linux.kernel.containers.lxc.general/894
> > And after reading https://github.com/lxc/lxd/issues/714 , I tried:
> >
> > lxc config device add my-container autofs unix-char path=/dev/autofs
> >
> > Now on container side:
> > #ls -l /dev/autofs
> > crw-rw---- 1 root root 10, 235 Jul  1 14:06 /dev/autofs
> >
> >
> > However, the issue is still here:
> > automount -f --debug
> > automount: test mount forbidden or incorrect kernel protocol version,
> > kernel protocol version 5.00 or above required.
> >
> > "autofs4" module is loaded in the kernel.
> >
> > I tried to remove/purge autofs and switch to autofs5 package and I have
> > also the same error.
>
> Is the container privileged? Are you in an apparmor mode which allows
> mounts? I don't think unprivileged mounting of autofs is allowed, and
> our apparmor profiles by default disallow most kinds of mounts.
>
> > The container, like the host, is Ubuntu 16.04.
> >
> > Any help would be useful !
> >
> > Best regards,
> > Remy
>
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
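Added example, not part of the original messages: a diagnostic to run inside the container that answers the two questions raised in the thread, namely whether root is UID-shifted (unprivileged) and which AppArmor label actually confines the process, plus a check of the quoted profile's mount rules. The function names are hypothetical, and the rule parser assumes only the simple `mount fstype=PATTERN,` form shown in the message.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not LXD or AppArmor tooling.

# Classify the contents of /proc/<pid>/uid_map. A single identity map over the
# full UID range means no user-namespace shift (privileged container or host);
# any other mapping means container root is an unprivileged host UID.
userns_state() {
    printf '%s\n' "$1" | awk '
        NF == 3 { n++; if ($1 == 0 && $2 == 0 && $3 == 4294967295) full = 1 }
        END {
            if (n == 0) print "unknown"
            else if (n == 1 && full) print "privileged"
            else print "unprivileged"
        }'
}

# Label of the AppArmor profile confining this process, as the kernel sees it.
apparmor_label() {
    cat /proc/self/attr/current 2>/dev/null || echo "unavailable"
}

# Succeed if profile text $1 has a simple "mount fstype=PATTERN," rule whose
# glob matches filesystem type $2. Comment lines are ignored. Assumption:
# deny rules and the options=/list forms are not handled here.
profile_allows_fstype() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*mount[[:space:]]\{1,\}fstype=\([^,[:space:]]*\).*/\1/p' | {
        while IFS= read -r pat; do
            case "$2" in $pat) exit 0 ;; esac
        done
        exit 1
    }
}

# Mount rules copied from the profile quoted in the message above.
PAGE_PROFILE='      mount fstype=ext*,
      mount fstype=xfs,
      mount fstype=btrfs,'

report() {
    echo "user namespace: $(userns_state "$(cat /proc/self/uid_map)")"
    echo "apparmor label: $(apparmor_label)"
    for fs in ext4 nfs autofs; do
        if profile_allows_fstype "$PAGE_PROFILE" "$fs"; then r=allowed; else r="not allowed"; fi
        echo "quoted profile, fstype=$fs: $r"
    done
}

if [ -r /proc/self/uid_map ]; then report; fi
```

The label printed by `apparmor_label` is the one to compare against the profile file being edited: a rule added to a profile that is not the one applied to the container has no effect on its mounts.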