3

On an Ubuntu 12.10 server, I created an Ubuntu cloud lxc container. In the /var/lib/lxc/MY_CONTAINER/config file, I uncommented the line:

lxc.aa_profile = unconfined

and started the container.

Inside the container, I try to mount a cifs file system:

sudo mount -t cifs //server/share /mnt

And I get this:

mount error(13): Permission denied

Along with this in the system logs:

[5200005.304634] type=1400 audit(1360130285.896:174): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=6756 profile="lxc-container-default" name="/mnt/" pid=6757 comm="mount.cifs" fstype="cifs" srcname="//server/share" flags="rw"

What am I missing?

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
Joshua D. Boyd
  • 185
  • 8
  • I think I have the same problem. I haven't tried yet, but I am guessing things will work if you put the mount in /var/lib/lxc/CONTAINER/fstab (instead of actually mounting from within the container). – Adrian Ratnapala Apr 24 '13 at 15:05

1 Answers1

1

Things you might be missing may include:

  • You seem to have apparmor running, configured so that it is preventing the mount operation in this profile. You could temporarily disable apparmor to verify if this is the only thing preventing your command. In /etc/apparmor.d/lxc-containers you may have to add mount fstype=cifs, and reload the policy.
  • The cloud template is for openstack / EC2 etc, the bare Ubuntu server may not qualify. That can lead to some mysterious errors.
  • Best practice is to include an fstab in the container configuration file to mount something in the container: lxc.mount = /var/lib/lxc/MY_CONTAINER/fstab In this fstab file you can create entries just as you are used to in normal fstab files.
Király István
  • 377
  • 4
  • 10