I use privileged containers for internal use. They are supposed to have all privileges, but when I did this

    mount -o loop /CentOS-8-x86_64-1905-dvd1.iso /opt
    mount: /opt: mount failed: Operation not permitted.

Here is my configuration:

    lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
    lxc.mount.entry = sysfs sys sysfs defaults 0 0
    lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
    lxc.tty.max = 10
    lxc.pty.max = 1024
    lxc.cgroup.devices.deny = a
    lxc.cgroup.devices.allow = c 1:3 rwm
    lxc.cgroup.devices.allow = c 1:5 rwm
    lxc.cgroup.devices.allow = c 5:1 rwm
    lxc.cgroup.devices.allow = c 5:0 rwm
    lxc.cgroup.devices.allow = c 4:0 rwm
    lxc.cgroup.devices.allow = c 4:1 rwm
    lxc.cgroup.devices.allow = c 1:9 rwm
    lxc.cgroup.devices.allow = c 1:8 rwm
    lxc.cgroup.devices.allow = c 136:* rwm
    lxc.cgroup.devices.allow = c 5:2 rwm
    lxc.cgroup.devices.allow = c 254:0 rwm
    lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
    lxc.cgroup.devices.allow = b 7:* rwm # loop*
    lxc.cgroup.devices.allow = c 10:229 rwm #fuse
    lxc.hook.autodev = sh -c 'mknod ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229'
    lxc.mount.auto = cgroup:mixed
    lxc.cap.drop =
    lxc.uts.name = mysql
    lxc.autodev = 1
    lxc.apparmor.profile = unconfined
    lxc.apparmor.allow_incomplete = 1

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users