Skip to content

Instantly share code, notes, and snippets.

@gionn

gionn/lxc_mount_bind.md

Created November 21, 2013 16:49
Show Gist options
  • Star 19 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save gionn/7585324 to your computer and use it in GitHub Desktop.
Save gionn/7585324 to your computer and use it in GitHub Desktop.
Download ZIP
How to enable bind mount inside lxc container
Raw
lxc_mount_bind.md

How to enable bind mount inside lxc container

When mount is returning:

STDERR: mount: block device /srv/database-data/postgres is write-protected, mounting read-only
mount: cannot mount block device /srv/database-data/postgres read-only

and dmesg shows:

[ 6944.194280] type=1400 audit(1385049795.420:32): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=6631 profile="lxc-container-default" name="/var/lib/postgresql/9.1/main/" pid=6632 comm="mount" srcname="/srv/database-data/postgres/" flags="rw, bind"

AppArmor is blocking mount -o bind inside the LXC container.

To enable id add in /etc/apparmor.d/lxc/lxc-default:

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  ...
    mount options=(rw, bind),
  ...

Reload apparmor:

# /etc/init.d/apparmor reload
@aaronstaley
Copy link

To ensure read-only mounts work, you'll want mount options to be:

mount options=(rw, bind, ro),

@zero5100
Copy link

zero5100 commented Oct 2, 2016

Thank you, this helped me to mount a cifs share inside of a proxmox container.

@jcalado
Copy link

jcalado commented May 18, 2017

Life saver.

@AdaLovelance
Copy link

Thanks so much!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment