[lxc-users] LXD and /dev/fuse
Fajar A. Nugraha
list at fajar.net
Wed May 11 06:21:40 UTC 2016
On Wed, May 11, 2016 at 1:49 AM, Sjoerd <sjoerd at sjomar.eu> wrote:
>
>> Anyway I'll try to recreate the container instead of migrating it form the
>> working LXC (just copied the rootfs from LXC over the the LXD version).
>> Maybe that works...
>>
> Just tried it with a fresh privileged xenial image (ubuntu:x), added the
> fuse device as an unix-char and still doesn't work :(
> Have to find another way I guess (probably mount the webdav on the host and
> then bind mount it in the container)
Found this on /var/log/syslog on my test:
May 11 13:05:27 xenial kernel: [2072055.430045] audit: type=1400
audit(1462946727.099:295): apparmor="DENIED" operation="mount"
info="failed type match" error=-13 profile="lxd-dav_</var/lib/lxd>"
name="/mnt/tmp/" pid=12224 comm="mount.davfs" fstype="fuse"
srcname="http://localhost/dav/" flags="rw, nosuid, nodev"
... and sure enough, on /etc/apparmor.d/abstractions/lxc/container-base
# allow fuse mounts everywhere
mount fstype=fuse.*,
the profile allows fuse.* mounts (e.g. sshfs use type "fuse.sshfs"),
but it says nothing about type "fuse".
As a workaround, adding "mount fstype=fuse" and "service apparmor
reload" works for me.
--
Fajar
More information about the lxc-users
mailing list