Running nfsv4-server.service in an unprivileged lxc possible?

darksky · March 17, 2025, 7:54pm

Since nfsv4-server.service requires access to /proc/fs/nfsd it is failing to run in my container. I tried adding this to the container config:

lxc.mount.entry = /proc/fs/nfsd proc/fs/nfsd none bind,optional,create=dir

And on the host, changed ownership to 100000:100000 so the mapping is right. The systemd service in the container cannot mount to it:

Mar 17 15:55:55 serv systemd[1]: Starting NFSv4 server and services...
Mar 17 15:55:55 serv rpc.nfsd[213]: rpc.nfsd: Unable to access /proc/fs/nfsd errno 2 (No such file or directory).
Mar 17 15:55:55 serv rpc.nfsd[213]: Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart rpc.nfsd to correc>
Mar 17 15:55:55 serv rpc.nfsd[213]: error starting threads: errno 2 (No such file or directory)
Mar 17 15:55:55 serv systemd[1]: nfsv4-server.service: Main process exited, code=exited, status=1/FAILURE
Mar 17 15:55:55 serv systemd[1]: nfsv4-server.service: Failed with result 'exit-code'.

Trying manually fails:

# mount -t nfsd nfsd /proc/fs/nfsd 
mount: /proc/fs/nfsd: permission denied.

Is running nfsv4 in an unprivileged container possible?

osch · March 19, 2025, 2:01am

Run into the same issue a few weeks back and found an older post Can't start NFS server which explains why.

The short answer is NFS is kernel based and has no namespace awareness. There are a few attempts to emulate NFS in namespace but they are all experimental.

darksky · March 21, 2025, 7:50pm

thanks