Skip to content

Instantly share code, notes, and snippets.

Created November 21, 2013 16:49
What would you like to do?
How to enable bind mount inside lxc container

How to enable bind mount inside lxc container

When mount is returning:

STDERR: mount: block device /srv/database-data/postgres is write-protected, mounting read-only
mount: cannot mount block device /srv/database-data/postgres read-only

and dmesg shows:

[ 6944.194280] type=1400 audit(1385049795.420:32): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=6631 profile="lxc-container-default" name="/var/lib/postgresql/9.1/main/" pid=6632 comm="mount" srcname="/srv/database-data/postgres/" flags="rw, bind"

AppArmor is blocking mount -o bind inside the LXC container.

To enable id add in /etc/apparmor.d/lxc/lxc-default:

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
    mount options=(rw, bind),

Reload apparmor:

# /etc/init.d/apparmor reload
Copy link

To ensure read-only mounts work, you'll want mount options to be:

mount options=(rw, bind, ro),

Copy link

zero5100 commented Oct 2, 2016

Thank you, this helped me to mount a cifs share inside of a proxmox container.

Copy link

jcalado commented May 18, 2017

Life saver.

Copy link

Thanks so much!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment