[lxc-users] mounting an ISO inside a container

Saint Michael venefax at gmail.com
Tue Dec 17 00:32:54 UTC 2019


I use privileged containers for internal use. They are supposed to have all
privileges, but when I did this:
mount -o loop /CentOS-8-x86_64-1905-dvd1.iso /opt
mount: /opt: mount failed: Operation not permitted.

Here is my configuration:
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults  0 0
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir

lxc.tty.max = 10
lxc.pty.max = 1024
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
lxc.cgroup.devices.allow = b 7:* rwm    # loop*
lxc.cgroup.devices.allow = c 10:229 rwm #fuse
lxc.hook.autodev = sh -c 'mknod ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229'

lxc.mount.auto = cgroup:mixed
lxc.cap.drop =
lxc.uts.name = mysql
lxc.autodev = 1
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_incomplete = 1
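
An added example, not part of the original post and not LXC project code: a simplified model of the cgroup v1 device whitelist, run over the device rules posted above, that reports whether the devices a loop mount uses are permitted. The device numbers in NEEDED are assumptions taken from the Linux kernel's device number list rather than from the post; confirm them with `ls -l /dev/loop-control /dev/loop0 /dev/fuse` on the host.

```python
import re

# Device rules copied from the configuration in the post above.
POSTED_RULES = """
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
lxc.cgroup.devices.allow = b 7:* rwm    # loop*
lxc.cgroup.devices.allow = c 10:229 rwm #fuse
"""
RULE = re.compile(r"^\s*lxc\.cgroup\.devices\.(allow|deny)\s*=\s*"
                  r"(a|([bc])\s+(\d+|\*):(\d+|\*)\s+([rwm]+))", re.M)
# Assumption: numbers from the kernel's device list, not from the post.
NEEDED = {"loop-control": ("c", 10, 237), "loop0": ("b", 7, 0), "fuse": ("c", 10, 229)}

def parse(text):
    """Simplified cgroup-v1 model: returns (default_allow, exceptions)."""
    default_allow, exceptions = True, []
    for m in RULE.finditer(text):  # commented-out lines do not match
        action, spec, *entry = m.groups()
        if spec == "a":  # 'a' resets the list and sets the default
            default_allow, exceptions = action == "allow", []
        elif (action == "allow") != default_allow:
            exceptions.append(tuple(entry))  # exception to the default
        else:
            exceptions = [e for e in exceptions if e != tuple(entry)]
    return default_allow, exceptions

def allowed(state, dev_type, major, minor, access="rwm"):
    """True if every requested access bit is permitted for the device."""
    default_allow, exceptions = state
    want = set(access)
    hit = any(t == dev_type and ma in ("*", str(major)) and mi in ("*", str(minor))
              and (want & set(acc) if default_allow else want <= set(acc))
              for t, ma, mi, acc in exceptions)
    return hit != default_allow

def report(text=POSTED_RULES):
    return {name: allowed(parse(text), *dev) for name, dev in NEEDED.items()}
```

`report()` returns a dict mapping each device name to True (permitted) or False. A False entry means the device rules never grant that device, independently of the AppArmor and capability settings.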