[Bug 1418279] [NEW] Automount NFSv4 doesn't work

Jens Elkner 1418279 at bugs.launchpad.net
Thu Feb 5 01:33:10 UTC 2015 

Public bug reported:

I'm trying to use NFSv4 automount within an lxc container,  however, it
doesn't work (it works for Solaris zones, so that's not an server
issue).

> cd /net/pkg/<TAB>
/net/pkg/ not found

> cat /etc/auto.master 
/net	-hosts
+dir:/etc/auto.master.d
+auto.master

The following log message makes me suspicious (comes 3-4 times):
[Feb 5 01:51] audit: type=1400 audit(1423099036.365:94): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/tmp/autoHBYlmU/" pid=27748 comm="mount" srcname="/tmp/autogYuIlN/" flags="rw, bind"

But AFAICS rw,bind is allowed:
>cat /etc/apparmor.d/lxc/lxc-default
profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  deny mount fstype=devpts,
	mount options=(rw, rbind),
	mount fstype=nfs,
	mount fstype=nfs4,
	mount fstype=rpc_pipefs,
	mount fstype=autofs,
}
That's the profile in the global/parent zone used by all our containers. So not sure, whether it is actually a NFSv4 or apparmor bug ...

** Affects: autofs (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autofs in Ubuntu.
https://bugs.launchpad.net/bugs/1418279

Title:
  Automount NFSv4 doesn't work

Status in autofs package in Ubuntu:
  New

Bug description:
  I'm trying to use NFSv4 automount within an lxc container,  however,
  it doesn't work (it works for Solaris zones, so that's not an server
  issue).

  > cd /net/pkg/<TAB>
  /net/pkg/ not found

  > cat /etc/auto.master 
  /net	-hosts
  +dir:/etc/auto.master.d
  +auto.master

  The following log message makes me suspicious (comes 3-4 times):
  [Feb 5 01:51] audit: type=1400 audit(1423099036.365:94): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/tmp/autoHBYlmU/" pid=27748 comm="mount" srcname="/tmp/autogYuIlN/" flags="rw, bind"

  But AFAICS rw,bind is allowed:
  >cat /etc/apparmor.d/lxc/lxc-default
  profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
    deny mount fstype=devpts,
  	mount options=(rw, rbind),
  	mount fstype=nfs,
  	mount fstype=nfs4,
  	mount fstype=rpc_pipefs,
  	mount fstype=autofs,
  }
  That's the profile in the global/parent zone used by all our containers. So not sure, whether it is actually a NFSv4 or apparmor bug ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1418279/+subscriptions

More information about the foundations-bugs mailing list