kevin39/nfsd-on-lxc

## nfsd-on-lxc
Create a new file "/etc/apparmor.d/lxc/lxc-default-with-nfsd" and paste in the following;

Code:
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-with-nfsd flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts.  If it does, it
  # will remount the host's devpts.  We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,
  mount fstype=nfsd,
  mount fstype=rpc_pipefs,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}
Then run this command to reload the profiles
Code:
apparmor_parser -r /etc/apparmor.d/lxc-containers
Finally at this line to your /etc/pve/lxc/CTID.conf
Code:
lxc.aa_profile = lxc-container-default-with-nfsd
	Create a new file "/etc/apparmor.d/lxc/lxc-default-with-nfsd" and paste in the following;

	Code:
	# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
	# will source all profiles under /etc/apparmor.d/lxc

	profile lxc-container-default-with-nfsd flags=(attach_disconnected,mediate_deleted) {
	#include <abstractions/lxc/container-base>

	# the container may never be allowed to mount devpts. If it does, it
	# will remount the host's devpts. We could allow it to do it with
	# the newinstance option (but, right now, we don't).
	deny mount fstype=devpts,
	mount fstype=nfsd,
	mount fstype=rpc_pipefs,
	mount fstype=cgroup -> /sys/fs/cgroup/**,
	}
	Then run this command to reload the profiles
	Code:
	apparmor_parser -r /etc/apparmor.d/lxc-containers
	Finally at this line to your /etc/pve/lxc/CTID.conf
	Code:
	lxc.aa_profile = lxc-container-default-with-nfsd