[lxc-users] nfs server in [unprivileged] container?
Marat Khalili
mkh at rqc.ru
Thu Mar 30 05:47:53 UTC 2017
I do run nfs in a privileged container, mostly because it is easier to
manage it this way (separate IP-address and such -- reasons similar to
yours actually).
Since I use nfs-kernel-server, most (if not all) of the code is actually
executed in kernel, not in container userspace. Also, I had to disable
apparmor for this container (lxc.aa_profile = unconfined). Because of
this, I'm not sure if trying unprivileged nfs container makes any sense.
The story would be all different for userspace nfs server, but
apparently there's none.
--
With Best Regards,
Marat Khalili
More information about the lxc-users
mailing list