Config set raw.apparmor exit status 1

I am trying to set apparmor rules with the following command:-
lxc config set vmh01-db-master-01 raw.apparmor "mount fstype=nfs,"

I get the following error:
error: exit status 1

Using the same command on another container works without any issues.

I did a strace (not sure if it would help), but the output (https://pastebin.com/MBbB96GG) makes absolutely no sense to me. Perhaps someone else would know better?

Thanks in advance.

That suggests that apparmor is failing to refresh the container’s profile for some reason.
You don’t mention your LXD release but I’m guessing it’s either 2.0.x or something before 2.12 as we have since improved our logging to include a bit more information on failed sub-commands.

Did you try restarting the container and then doing this again? A container restart will force AppArmor to generate a profile from scratch which should then be updatable.

As for your strace, LXD is a client/server piece of software, stracing the client tool won’t show you what the server is doing.

I am running 2.0.9. I haven’t tried restarting the container yet. I have scheduled some downtime tonight for a reboot and will check again once the reboot has been done.

I managed to restart the container yesterday. Error is still coming up when trying to mount the NFS folder:-
root@vmh01-db-master-01 [08:57:08] :~# mount nfs-cent-01.xxx.co.za:/mnt/sdb/nfs-share/vm-host-01/vmh01-db-master-01 /mnt/nfs-cent-01.xxx.co.za/
mount.nfs: Operation not permitted

I managed to map the NFS folder on the host itself and then with lxc config device add managed to add the folder to the container. Bit of a work-around but it works (at least).

Is your container privileged? If not, no matter how much apparmor you’re doing, the kernel just won’t let you get anywhere near nfs.
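
Added example, not part of any post in this thread: the host-side workaround described above (mount the export on the host, then pass the directory in with lxc config device add), written as a script that first reads security.privileged. The host mount point, the device name "nfsshare" and the DRY_RUN wrapper are assumptions of this example; the container name, export and in-container path are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): mount the NFS export on the host and
# hand the directory to the container as an LXD disk device.
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Interpret the value printed by `lxc config get <container> security.privileged`.
# An empty value means the key is unset, i.e. the default unprivileged container.
is_privileged() {
    case "$1" in
        true|1|yes|on) return 0 ;;
        *) return 1 ;;
    esac
}

# passthrough_nfs CONTAINER EXPORT HOST_DIR CONTAINER_DIR [DEVICE_NAME]
passthrough_nfs() {
    ct=$1; nfs_export=$2; host_dir=$3; ct_dir=$4; dev=${5:-nfsshare}
    run mkdir -p "$host_dir" || return 1
    run mount -t nfs "$nfs_export" "$host_dir" || return 1
    run lxc config device add "$ct" "$dev" disk "source=$host_dir" "path=$ct_dir"
}

# Container name, export and in-container path are the ones quoted in the thread;
# the host mount point and the device name "nfsshare" are assumptions.
CT=vmh01-db-master-01
NFS_EXPORT=nfs-cent-01.xxx.co.za:/mnt/sdb/nfs-share/vm-host-01/vmh01-db-master-01
HOST_DIR=/mnt/nfs/vmh01-db-master-01
CT_DIR=/mnt/nfs-cent-01.xxx.co.za

if [ "$DRY_RUN" = "1" ]; then priv=""; else priv=$(lxc config get "$CT" security.privileged); fi
if is_privileged "$priv"; then
    echo "# $CT is privileged"
else
    echo "# $CT is unprivileged: keep the NFS mount on the host"
fi
passthrough_nfs "$CT" "$NFS_EXPORT" "$HOST_DIR" "$CT_DIR"
```

Run with DRY_RUN=0 as root on the host to execute the commands instead of printing them. In an unprivileged container, files on the share owned by host UIDs outside the container's ID map appear as nobody/nogroup, so ownership on the export may need adjusting.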