Hi, I am trying to set /sys to rw, I created a profile nsmount and added to it:
printf 'lxc.apparmor.profile=unconfined\nlxc.mount.auto=proc:rw sys:rw' | lxc profile set nsmount raw.lxc -
The whole thing looks like that, I applied it to the container using assign:
lxc profile show nsmount
name: nsmount
description: ""
config:
  raw.lxc: |-
    lxc.apparmor.profile=unconfined
    lxc.mount.auto=proc:rw sys:rw
  security.nesting: "1"
devices:
  fuse:
    path: /dev/fuse
    type: unix-char
  loop0:
    path: /dev/loop0
    type: unix-block
used_by:
- /1.0/instances/mycontainer
Then after container restart I get:
echo Y > /sys/module/fuse/parameters/userns_mounts
bash: /sys/module/fuse/parameters/userns_mounts: Permission denied
Same occurs when I do: lxc profile set nsmount raw.lxc lxc.mount.auto="proc:rw sys:rw"
But when I do only: lxc profile set nsmount raw.lxc lxc.apparmor.profile=unconfined
echo Y > /sys/module/fuse/parameters/userns_mounts
bash: /sys/module/fuse/parameters/userns_mounts: Read-only file system
Looks like both of these options together do not work.
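
To see which read-only flags /sys actually carries after a restart, the container's mount table can be read directly; each mountinfo entry records a per-mount rw/ro flag and a separate superblock rw/ro flag. This is an added example, not part of the original post: the function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo lines (not taken from the post).
sample_mountinfo() {
    cat <<'EOF'
120 100 0:50 / /proc rw,nosuid,nodev,noexec,relatime shared:60 - proc proc rw
121 100 0:51 / /sys ro,nosuid,nodev,noexec,relatime shared:61 - sysfs sysfs rw
122 100 0:52 / /dev rw,relatime - tmpfs none rw,size=492k,mode=755
EOF
}

# mount_state MOUNTPOINT [FILE]
# Prints "<fstype> mount=<rw|ro> super=<rw|ro>" for the last entry mounted at
# MOUNTPOINT, or returns 1 if nothing is mounted there.
# FILE defaults to the live table; "-" reads stdin.
mount_state() {
    awk -v mp="$1" '
        # The first item of each option list is always "rw" or "ro".
        function first(opts,   a) { split(opts, a, ","); return a[1] }
        $5 == mp {
            # Fields 7.. are optional tags, terminated by a lone "-".
            i = 7
            while (i <= NF && $i != "-") i++
            # After "-": filesystem type, source, superblock options.
            result = $(i + 1) " mount=" first($6) " super=" first($(i + 3))
        }
        END { if (result == "") exit 1; print result }
    ' "${2:-/proc/self/mountinfo}"
}

# Demo on the constructed sample; prints the state of /sys.
sample_mountinfo | mount_state /sys -
```

Inside the container, `mount_state /sys` with no second argument reads the live table, so it can be run once per profile variant to compare the results.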