1. Edit /etc/apparmor.d/lxc/lxc-default and /etc/apparmor.d/lxc/lxc-default-cgns, adding:
mount fstype=rpc_pipefs,
mount fstype=nfs,
mount options=(rw, bind, ro),
2. Reload the apparmor service
service apparmor reload
Allowing only a specific LXC container
1. Edit /etc/apparmor.d/lxc/lxc-default-with-nfs
profile lxc-container-default-with-nfs flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/lxc/container-base>
# the container may never be allowed to mount devpts. If it does, it
# will remount the host's devpts. We could allow it to do it with
# the newinstance option (but, right now, we don't).
deny mount fstype=devpts,
mount fstype=cgroup -> /sys/fs/cgroup/**,
mount fstype=nfs,
mount fstype=nfs4,
mount fstype=nfsd,
mount fstype=rpc_pipefs,
}
2. Edit /etc/pve/lxc/[vid].conf, adding:
lxc.apparmor.profile: lxc-container-default-with-nfs
3. Reload the apparmor service
service apparmor reload
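To confirm which containers actually end up with NFS mount permission after either procedure, the following audit script is an added example and not part of the original post. The function names, the directory arguments, and the fallback profile name lxc-container-default-cgns for containers without an explicit lxc.apparmor.profile line are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: list containers whose AppArmor profile permits NFS mounts.

# True if the profile file has an allow rule "mount fstype=nfs," or "nfs4,"
# (commented-out and "deny" rules do not match the anchored pattern).
profile_allows_nfs() {
    grep -Eq '^[[:space:]]*mount[[:space:]]+fstype=nfs4?[[:space:]]*,' "$1"
}

# nfs_capable_containers PROFILE_DIR CONF_DIR [DEFAULT_PROFILE]
# Prints "<vmid> <profile>" for every container that may mount NFS.
nfs_capable_containers() {
    default=${3:-lxc-container-default-cgns}   # assumption: profile used when none is set
    for conf in "$2"/*.conf; do
        [ -f "$conf" ] || continue
        name=$(sed -n 's/^lxc\.apparmor\.profile:[[:space:]]*//p' "$conf" | tail -n 1)
        name=${name:-$default}
        # Find the file that declares this profile name.
        file=$(grep -lE "^profile[[:space:]]+$name[[:space:]]" "$1"/* 2>/dev/null | head -n 1)
        [ -n "$file" ] && profile_allows_nfs "$file" &&
            echo "$(basename "$conf" .conf) $name"
    done
    return 0
}

# Constructed sample tree (not real host data): untouched default, one NFS profile.
build_sample() {
    mkdir -p "$1/apparmor" "$1/lxc"
    printf '%s\n' 'profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {' \
        '  deny mount fstype=devpts,' '  # mount fstype=nfs,' '}' > "$1/apparmor/lxc-default-cgns"
    printf '%s\n' 'profile lxc-container-default-with-nfs flags=(attach_disconnected,mediate_deleted) {' \
        '  deny mount fstype=devpts,' '  mount fstype=nfs,' '  mount fstype=nfs4,' '}' \
        > "$1/apparmor/lxc-default-with-nfs"
    printf '%s\n' 'arch: amd64' > "$1/lxc/100.conf"
    printf '%s\n' 'arch: amd64' 'lxc.apparmor.profile: lxc-container-default-with-nfs' > "$1/lxc/101.conf"
}

tmp=$(mktemp -d)
build_sample "$tmp"
nfs_capable_containers "$tmp/apparmor" "$tmp/lxc"
rm -rf "$tmp"
```

On a real host the two arguments would be /etc/apparmor.d/lxc and /etc/pve/lxc; if the first procedure was applied, every container using a default profile appears in the output, not only the ones assigned the NFS profile.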