Commit 81ce2128 authored by Pedro Eduardo Trujillo

Add support and docs for systems using AppArmor

parent f1590ab8
+20 −0
# nfs-server

## AppArmor

If your Docker host has [AppArmor](https://wiki.ubuntu.com/AppArmor) activated, you'll need to perform additional steps to allow the container to start an NFS server.

1. Ensure you have the `apparmor-utils` installed package installed on the Docker host. e.g. for Debian or Ubuntu:

       $ sudo apt-get install apparmor-utils

1. Create a file on the Docker host with the following contents:

       #include <tunables/global>
       profile nfs-server flags=(attach_disconnected,mediate_deleted) {
         #include <abstractions/lxc/container-base>
         mount fstype=nfs*,
         mount fstype=rpc_pipefs,
       }

1. Load this profile into the kernel with [`apparmor_parser`](http://manpages.ubuntu.com/manpages/xenial/man8/apparmor_parser.8.html):

       $ sudo apparmor_parser -r -W /path/to/file/from/previous/step
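Review bot: Step 2 says only "Create a file on the Docker host" and step 3 loads it from /path/to/file/from/previous/step, so the docs never say where the profile should live. A profile loaded by hand from an arbitrary path is not reloaded after a reboot; on Debian and Ubuntu, suggest naming a location under /etc/apparmor.d/ (for example /etc/apparmor.d/nfs-server) so the profile is loaded again at boot. Step 1 also has a duplicated word in "the `apparmor-utils` installed package installed". Since the profile adds `mount fstype=nfs*,` and `mount fstype=rpc_pipefs,` on top of the container-base abstraction, a sentence explaining why those two mount rules are needed, and that the profile name `nfs-server` is what the container's security options must reference, would help anyone auditing or renaming it.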
+2 −0
@@ -18,6 +18,8 @@ services:
    cap_add:
      - SYS_ADMIN
      - SYS_MODULE
    security_opt:
      - apparmor=nfs-server
    restart: always
    cpus: '${CPUS:-0.5}'
    mem_limit: ${MEM_LIMIT:-32M}
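Review bot: The new `security_opt` entry `- apparmor=nfs-server` is unconditional, so every user of this compose file now depends on a profile named nfs-server being loaded on the host, while the README presents the AppArmor steps as extra work only for hosts that have AppArmor activated. On an AppArmor host where the profile has not been loaded yet, the container start will fail. Suggest a comment above `security_opt:` pointing at the README's AppArmor section and stating that the name must match the `profile nfs-server` line there, plus a note in the README that the profile has to be loaded before the service is brought up. Given that the service already adds `SYS_ADMIN` and `SYS_MODULE`, it would also be worth documenting that this profile is what confines the container once the default Docker profile is replaced.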