{"id":265,"date":"2022-01-13T22:35:44","date_gmt":"2022-01-13T20:35:44","guid":{"rendered":"https:\/\/greenhouse.cv.ua\/?p=265"},"modified":"2022-01-13T22:40:54","modified_gmt":"2022-01-13T20:40:54","slug":"add-loop-device-in-proxmox-container","status":"publish","type":"post","link":"https:\/\/greenhouse.cv.ua\/?p=265","title":{"rendered":"Add loop device in Proxmox container"},"content":{"rendered":"\n

Add Apparmor file for container<\/p>\n\n\n\n

root@pve:~# cat \/etc\/apparmor.d\/lxc\/lxc-container-default-cgns-with-mounting\n# Do not load this file.  Rather, load \/etc\/apparmor.d\/lxc-containers, which\n# will source all profiles under \/etc\/apparmor.d\/lxc\n#\n# This profile is a combination of lxc-container-default-cgns and\n# lxc-container-default-with-mounting and other options to allow SAMBA and\n# iso9660 mounts.\n\nprofile lxc-container-default-cgns-with-mounting flags=(attach_disconnected,mediate_deleted) {\n  #include <abstractions\/lxc\/container-base>\n\n# From pofile lxc-container-default-cgns:\n  # the container may never be allowed to mount devpts.  If it does, it\n  # will remount the host's devpts.  We could allow it to do it with\n  # the newinstance option (but, right now, we don't).\n  deny mount fstype=devpts,\n  mount fstype=cgroup -> \/sys\/fs\/cgroup\/**,\n  mount fstype=cgroup2 -> \/sys\/fs\/cgroup\/**,\n\n# From pofile lxc-container-default-with-mounting:\n  # allow standard blockdevtypes.\n  # The concern here is in-kernel superblock parsers bringing down the\n  # host with bad data.  However, we continue to disallow proc, sys, securityfs,\n  # etc to nonstandard locations.\n  mount fstype=ext*,\n  mount fstype=xfs,\n  mount fstype=btrfs,\n\n# Allow SAMBA mounts:\n  mount fstype=cifs,\n\n# Allow iso9660 mounts:\n  mount fstype=iso9660,\n}<\/code><\/pre>\n\n\n\n
Edit conteiner config file<\/p>\n\n\n\n
root@pve:~# cat \/etc\/pve\/lxc\/100.conf\r\nlxc.apparmor.profile: lxc-container-default-cgns-with-mounting\r\nlxc.cgroup2.devices.allow: b 7:* rwm\r\nlxc.cgroup2.devices.allow: c 10:237 rwm\r\nlxc.mount.entry: \/dev\/loop0 dev\/loop0 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop1 dev\/loop1 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop2 dev\/loop2 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop3 dev\/loop3 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop4 dev\/loop4 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop5 dev\/loop5 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop6 dev\/loop6 none bind,create=file 0 0\r\nlxc.mount.entry: \/dev\/loop-control dev\/loop-control none bind,create=file 0 <\/code>0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
Interactive run container in debug mode vith logging<\/p>\n\n\n\n
lxc-start -n 109 -F -l DEBUG -o \/tmp\/lxc-ID.log<\/p>\n\n\n\n
<\/p>\n\n\n\n
Note:<\/p>\n\n\n\n
  1. If not work delete string “unprivileged: 1” from lxc config file<\/li>
  2. Actual for Proxmox 7<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"
    Add Apparmor file for container Edit conteiner config file Interactive run container in debug mode vith logging lxc-start -n 109 -F -l DEBUG -o \/tmp\/lxc-ID.log . . .<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[7,10],"tags":[],"class_list":["post-265","post","type-post","status-publish","format-standard","hentry","category-linux","category-proxmox"],"aioseo_notices":[],"featured_image_src":null,"author_info":{"display_name":"Bernyk Dmytro","author_link":"https:\/\/greenhouse.cv.ua\/?author=2"},"_links":{"self":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts\/265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=265"}],"version-history":[{"count":4,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions"}],"predecessor-version":[{"id":271,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions\/271"}],"wp:attachment":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}