[lxc-users] nfs apparmor denial

Mike Wright nobody at nospam.hostisimo.com
Fri Dec 13 01:34:27 UTC 2019


Hi all,

I have an Ubuntu-19.10 fully upgraded lxc container (as in lxc-create) 
and am trying to use it as an nfs-kernel-server.  It is down to one last 
error that has me stymied.



In /etc/apparmor/lxc-default-cgns I have placed: (thanx google)

     mount fstype=nfs*,
     mount options=(rw, bind, ro),



The errors are all apparmor DENIED:  each begins with the following 
line, the only difference is "failed type" vs "failed flags"

apparmor="DENIED" operation="mount" info="failed type match" error=-13 
profile="lxc-container-default-cgns"



Here are the tail end of the errors.  They all are nfs related.

name="/run/rpc_pipefs/" pid=28767 comm="mount" fstype="rpc_pipefs" 
srcname="sunrpc"

name="/run/rpc_pipefs/" pid=28767 comm="mount" fstype="rpc_pipefs" 
srcname="sunrpc" flags="ro"

name="/" pid=28783 comm="(nft)" flags="rw, rslave"

name="/proc/fs/nfsd/" pid=28811 comm="mount" fstype="nfsd" srcname="nfsd"

name="/proc/fs/nfsd/" pid=28811 comm="mount" fstype="nfsd" 
srcname="nfsd" flags="ro"

name="/" pid=28867 comm="(networkd)" flags="rw, rslave"

name="/" pid=29030 comm="(d-logind)" flags="rw, rslave"



If somebody could point me in the right direction I'd be most grateful.

Thanks,
Mike Wright


More information about the lxc-users mailing list