How to enable bind mount inside lxc container

When mount returns:

STDERR: mount: block device /srv/database-data/postgres is write-protected, mounting read-only
mount: cannot mount block device /srv/database-data/postgres read-only

and dmesg shows:

[ 6944.194280] type=1400 audit(1385049795.420:32): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=6631 profile="lxc-container-default" name="/var/lib/postgresql/9.1/main/" pid=6632 comm="mount" srcname="/srv/database-data/postgres/" flags="rw, bind"

AppArmor is blocking mount -o bind inside the LXC container.

To enable it, add the following rule to /etc/apparmor.d/lxc/lxc-default (it applies to every container that uses the lxc-container-default profile):

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  ...
  mount options=(rw, bind),
  ...
}

Reload AppArmor:

# /etc/init.d/apparmor reload
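
The rule above permits rw bind mounts of any path. As an added example (not part of the original gist), this Python code parses the denial record quoted above and derives a mount rule limited to the denied source and mount point. The function names, the path allow-list and the accepted flag set are assumptions of this example.

```python
import re

# Denial record copied from the dmesg output quoted on this page.
SAMPLE = (
    '[ 6944.194280] type=1400 audit(1385049795.420:32): apparmor="DENIED" '
    'operation="mount" info="failed type match" error=-13 parent=6631 '
    'profile="lxc-container-default" name="/var/lib/postgresql/9.1/main/" '
    'pid=6632 comm="mount" srcname="/srv/database-data/postgres/" '
    'flags="rw, bind"'
)

# Audit records are key="quoted value" or key=bare_value pairs.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumed allow-list: plain absolute paths only, so no AppArmor glob
# characters (* ? [ ] { }), commas or spaces reach the generated rule.
SAFE_PATH = re.compile(r'^/[A-Za-z0-9._/+@-]*$')
ALLOWED_FLAGS = {"rw", "ro", "bind"}


def parse_denial(line):
    """Return the key/value fields of one audit record as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def scoped_rule(fields):
    """Build a mount rule limited to the denied source and mount point."""
    if fields.get("apparmor") != "DENIED" or fields.get("operation") != "mount":
        raise ValueError("not an AppArmor mount denial")
    flags = [f.strip() for f in fields.get("flags", "").split(",")]
    if "bind" not in flags or not set(flags) <= ALLOWED_FLAGS:
        raise ValueError("unexpected mount flags: %r" % flags)
    src, dst = fields.get("srcname", ""), fields.get("name", "")
    for path in (src, dst):
        # Paths come from a process inside the container; hex-encoded or
        # glob-bearing values are rejected rather than written to a profile.
        if not SAFE_PATH.match(path) or ".." in path.split("/"):
            raise ValueError("refusing path: %r" % path)
    return "mount options=(%s) %s -> %s," % (", ".join(flags), src, dst)


if __name__ == "__main__":
    print(scoped_rule(parse_denial(SAMPLE)))
```

The generated line uses AppArmor's `mount options=(...) source -> mountpoint,` form and can be placed in the profile instead of the unrestricted rule.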