When trying to do a command like this on a system running inside an LXC container on Proxmox:
- mount -t cifs '\\172.55.0.60\downloads' -o username=myuser,password=mypass /mnt/downloads
Linux threw the error mount error(13): Permission denied. `tcpdump` showed that no traffic was leaving the container and `strace` didn’t throw up a lot of useful info.
dmesg said this:
- [171150.670602] audit: type=1400 audit(1471291773.083:167): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/run/shm/" pid=59433 comm="mount" flags="rw, nosuid, nodev, noexec, remount, relatime"
This reddit post finally yielded the answer. You need to edit /etc/apparmor.d/lxc/lxc-default and below the last deny mount line, add this:
- allow mount fstype=cifs,
The final config file will look something like this:
- # Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
- # will source all profiles under /etc/apparmor.d/lxc
-
- profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
- #include <abstractions/lxc/container-base>
-
- # the container may never be allowed to mount devpts. If it does, it
- # will remount the host's devpts. We could allow it to do it with
- # the newinstance option (but, right now, we don't).
- deny mount fstype=devpts,
- allow mount fstype=cifs,
- }
Now restart apparmour:
- systemctl restart apparmor.service
Shut down your VM and start it again.
Your mount command might well work now. If not, check logs again to be sure it’s not a secondary problem (e.g. incorrect hashing algorithm).