[lxc-users] nfs server in [unprivileged] container?

Marat Khalili mkh at rqc.ru
Thu Mar 30 05:47:53 UTC 2017


I do run nfs in a privileged container, mostly because it is easier to 
manage it this way (separate IP-address and such -- reasons similar to 
yours actually).

Since I use nfs-kernel-server, most (if not all) of the code is actually 
executed in kernel, not in container userspace. Also, I had to disable 
apparmor for this container (lxc.aa_profile = unconfined). Because of 
this, I'm not sure if trying unprivileged nfs container makes any sense.

The story would be all different for userspace nfs server, but 
apparently there's none.

--

With Best Regards,
Marat Khalili



More information about the lxc-users mailing list