Differences

This shows you the differences between two versions of the page.

Link to this comparison view

proxmox:nfs_server_inside_lxc_container [2019/02/14 09:52] – created adminproxmox:nfs_server_inside_lxc_container [2019/02/14 09:55] (current) admin
Line 1: Line 1:
 +====== Запуск NFS-сервера внутри контейнера ProxMox 5.3 - LXC ====
 +Создать файл профиля **AppAromor** - **/etc/apparmor.d/lxc/lxc-default-with-nfsd**
 +<code>
 +# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
 +# will source all profiles under /etc/apparmor.d/lxc
  
 +profile lxc-container-default-with-nfsd flags=(attach_disconnected,mediate_deleted) {
 +  #include <abstractions/lxc/container-base>
 +
 +  # the container may never be allowed to mount devpts.  If it does, it
 +  # will remount the host's devpts.  We could allow it to do it with
 +  # the newinstance option (but, right now, we don't).
 +  deny mount fstype=devpts,
 +  mount fstype=nfsd,
 +  mount fstype=rpc_pipefs,
 +  mount fstype=cgroup -> /sys/fs/cgroup/**,
 +}
 +</code>
 +Добавить профиль в текущую конфигурацию **AppArmor**:
 +  apparmor_parser -r /etc/apparmor.d/lxc-containers
 +В конфигурацию контейнера добавить:
 +  lxc.apparmor.profile = lxc-container-default-with-nfsd
  • proxmox/nfs_server_inside_lxc_container.txt
  • Last modified: 2019/02/14 09:55
  • by admin