Using proxmox LXC Container Rocky 8.5 image.
I get “permisssion denied” when I try to mount an NFS drive (which IS mountable by an Ubuntu LXC).
Selinux is disabled.
What should I look for?
Hi, when using your mount command, add: -vvv which will expand on the verbose output. You can try with -v but generally one or two more provide extra output, so -vv will provide more, and -vvv even more output. Also check your /var/log/messages file as this can also hint at why it’s unable to mount.
Thanks for your suggestion:
[root@emby11 ~]# mount -a -vvvv
mount.nfs: timeout set for Tue Dec 28 11:23:23 2021
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.100.88,clientaddr=192.168.100.92'
mount.nfs: mount(2): Operation not permitted
mount.nfs: trying text-based options 'addr=192.168.100.88'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.100.88 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.100.88 prog 100005 vers 3 prot UDP port 60935
mount.nfs: mount(2): Operation not permitted
mount.nfs: Operation not permitted
[root@emby11 ~]#
Here’s my /etc/fstab.
[root@emby11 ~]# cat /etc/fstab
filestore:/music/files /srv/storage/Music/ nfs defaults 0 0
[root@emby11 ~]#
Can your verify that the ports are not blocked by a firewall. Are you also sure that it is version 4.2 for the NFS share.
Also check and verify with the same -vvv on the Ubuntu machine that works, as this should also show what NFS version is connecting(3, 4, 4.2), as well as the ports.
This is the ubuntu container:
root@emby10 ~# mount -a -vvvv
mount.nfs: timeout set for Tue Dec 28 12:13:20 2021
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.100.88,clientaddr=192.168.100.95'
/srv/storage/Music : successfully mounted
root@emby10 ~#
and firewalld is not running:
[root@emby11 ~]# firewall-cmd --list-all
-bash: firewall-cmd: command not found
[root@emby11 ~]#
The firewalld.service is not the only way to manage firewall rules.
The real, currently active firewall rules are in the kernel’s nftables and can be seen with:
sudo nft list ruleset
Client 192.168.100.95 can mount, but does server allow 192.168.100.92 as client for same exports?
I’m afraid that command does not work!
[root@emby11 ~]# nft list ruleset
-bash: nft: command not found
[root@emby11 ~]# sudo nft list ruleset
The filestore is an OpenMediaVault VM, and It does not have any specific IP connection rules. A couple of other systems connect to it.
No firewall-cmd nor nft?
It is probably usual for container/cloud to not have any firewall in them and filtering is done by the platform on which they run. Therefore, does “proxmox LXC” have any such settings?
what is the content of /etc/exports on the nfs server?
Relevant contents of /etc/export (generated by OpenMediaVault)
/export/music 192.168.100.0/24(fsid=f4211af4-9fad-4dc3-8707-14c9fcc7e310,rw,subtree_check,insecure)
Actually I have just spotted that the new container is “Unpriviledged” (set to “yes”), whereas the old one is set to “no”. Looks like I can switch it by backing up and restoring - I’ll try that.
…and that was it!. Thanks for the attention, I’ve been wrestling with this off and on for a few days.
Much appreciated.
1 Like