Fix on connecting to NFS server from Proxmox CentOS 7 Container

I hope you already know how to allow NFS from the Proxmox host server. If not, you may read my earlier post:

NFS fix on LXC Host Server

I was actually receiving an error like the one below:

# mount -t nfsd nfsd /proc/fs/nfsd
mount: nfsd is write-protected, mounting read-only
mount: cannot mount nfsd read-only

My Proxmox edition was 5.0-30 and my CentOS was 7.

However, this case is a bit different from the one mentioned above. I was having trouble connecting my CentOS 7 LXC container to an NFS server on the network. The regular tweak didn't work, so I had to spend a while googling for a solution. I found the correct one on a forum thread, and eventually it worked. For this you need to edit the file:

nano /etc/pve/lxc/<your container ID>.conf

Add the below line in the conf file:

lxc.aa_profile: unconfined

Reboot the container, then try to connect to the NFS server. It should work.
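
Because `lxc.aa_profile: unconfined` runs the container with no AppArmor confinement at all, it helps to keep track of which containers carry it. The shell function below is an added example, not part of the original post: it scans the container configs and reports those whose running configuration is unconfined. The sample files and container IDs are constructed, and `lxc.apparmor.profile` is the name the same key has in later LXC releases, which the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): report containers whose running
# config disables AppArmor. Default directory is the one used in the post.
find_unconfined_lxc() {
    dir="${1:-/etc/pve/lxc}"
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v id="$(basename "$conf" .conf)" '
            /^\[/ { exit }              # "[name]" starts a snapshot section, not the running config
            /^[ \t]*#/ { next }         # comment line
            {
                n = match($0, /[:=]/)   # Proxmox writes "key: value", plain LXC "key = value"
                if (n == 0) next
                key = substr($0, 1, n - 1); val = substr($0, n + 1)
                gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
                if (key == "lxc.aa_profile" || key == "lxc.apparmor.profile")
                    hit = (val == "unconfined") ? key : ""   # last setting wins
            }
            END { if (hit != "") print id, hit }
        ' "$conf"
    done
}

# Constructed sample configs (container IDs and contents are made up).
demo_find_unconfined() {
    tmp=$(mktemp -d) || return 1
    printf 'arch: amd64\nhostname: nfs-client\nlxc.aa_profile: unconfined\n' > "$tmp/101.conf"
    printf 'arch: amd64\n#lxc.aa_profile: unconfined\n' > "$tmp/102.conf"
    printf 'arch: amd64\n\n[before-fix]\nlxc.aa_profile: unconfined\n' > "$tmp/103.conf"
    printf 'lxc.apparmor.profile = unconfined\n' > "$tmp/104.conf"
    find_unconfined_lxc "$tmp"
    rm -rf "$tmp"
}

demo_find_unconfined
```

On the Proxmox host, call `find_unconfined_lxc` with no argument to scan `/etc/pve/lxc`.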


NFS fix on LXC Host Server

The NFS client on LXC does not seem to work. Why? The problem is AppArmor on the real machine, which blocks any attempt to mount NFS volumes.
In order to try to minimize the security changes on AppArmor, I added the following lines in /etc/apparmor.d/lxc/lxc-default:

# allow nfs mount everywhere

mount fstype=rpc_pipefs, 
mount fstype=nfs,

Then

$ /etc/init.d/apparmor reload

And now I was able to restart nfs-common and nfs-kernel-server without errors!

Update!!!!!

nano /etc/apparmor.d/lxc/lxc-default

Update the file as below:

# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts. If it does, it
  # will remount the host's devpts. We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  # deny mount fstype=devpts,

  # allow nfs mount everywhere

  mount fstype=rpc_pipefs,
  mount fstype=nfs,
}