[lxc-users] LXD and /dev/fuse
Serge Hallyn
serge.hallyn at ubuntu.com
Wed May 11 14:41:39 UTC 2016
Quoting Sjoerd (sjoerd at sjomar.eu):
>
>
> On 11/05/2016 08:21, Fajar A. Nugraha wrote:
> >On Wed, May 11, 2016 at 1:49 AM, Sjoerd <sjoerd at sjomar.eu> wrote:
> >>
> >>>Anyway I'll try to recreate the container instead of migrating
> >>>it form the
> >>>working LXC (just copied the rootfs from LXC over the the LXD
> >>>version).
> >>>Maybe that works...
> >>>
> >>Just tried it with a fresh privileged xenial image (ubuntu:x),
> >>added the
> >>fuse device as an unix-char and still doesn't work :(
> >>Have to find another way I guess (probably mount the webdav on
> >>the host and
> >>then bind mount it in the container)
> >
> >Found this on /var/log/syslog on my test:
> >May 11 13:05:27 xenial kernel: [2072055.430045] audit: type=1400
> >audit(1462946727.099:295): apparmor="DENIED" operation="mount"
> >info="failed type match" error=-13 profile="lxd-dav_</var/lib/lxd>"
> >name="/mnt/tmp/" pid=12224 comm="mount.davfs" fstype="fuse"
> >srcname="http://localhost/dav/" flags="rw, nosuid, nodev"
> >
> >... and sure enough, on /etc/apparmor.d/abstractions/lxc/container-base
> > # allow fuse mounts everywhere
> > mount fstype=fuse.*,
> >
> >the profile allows fuse.* mounts (e.g. sshfs use type "fuse.sshfs"),
> >but it says nothing about type "fuse".
> >As a workaround, adding "mount fstype=fuse" and "service apparmor
> >reload" works for me.
>
> Brilliant! That works indeed :)
> Many thanks!
Seems like it might be worth keeping a light wiki with community provided
profiles. fuse could be the first one.
More information about the lxc-users
mailing list