尝试挂载 Proxmox 5 机器导出的 NFS 共享时如何修复“mount.nfs：访问被拒绝...”？

我正在尝试从 Proxmox 5 主机挂载 NFS 共享，但遇到问题。我有以下两台机器：

192.168.1.3    proxmox debian box (nfs-host)
192.168.1.31   ubuntu 16.04 (nfs-client)

/mnt/storage（NFS 客户端）的权限：

drwxrwxrwx 11 nobody nogroup 4096 Oct  7 10:28 storage

/etc/exports（NFS主机）的内容：

/mnt/storage 192.168.1.31(rw,sync,no_subtree_check)

showmount -e 192.168.1.3（NFS 客户端）的输出：

Export list for 192.168.1.3:
/mnt/storage 192.168.1.31

尝试从客户端挂载失败：

me@client:/mnt/storage$ sudo mount 192.168.1.3:/mnt/storage /mnt/storage
mount.nfs: access denied by server while mounting 192.168.1.3:/mnt/storage

我运行exportfs -ra并重新启动了 nfs 内核服务器，但仍然没有任何乐趣。我也尝试了问题中的所有建议mount.nfs：在 Ubuntu 计算机上安装时服务器拒绝访问？，但没有任何对我有用。底部只有一两个答案与 docker 有关，而另一个答案则有拼写错误的 IP，这两个答案都与我无关。

我可以 ping 两台主机，并且两台主机都可以访问互联网并互相查看，因此我认为这不是网络问题。

/var/log/messages现在我在主机上看到这些错误：

Oct  7 10:06:36 pve kernel: [44667.325940] audit: type=1400 audit(1507385196.790:23): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default-cgns" name="/mnt/storage/" pid=15053 comm="mount.nfs4" fstype="nfs4" srcname="192.168.1.3:/export/storage"
Oct  7 10:07:05 pve kernel: [44696.096558] audit: type=1400 audit(1507385225.559:24): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default-cgns" name="/mnt/storage/" pid=15112 comm="mount.nfs" fstype="nfs" srcname="192.168.1.3:/export/storage"

/etc/apparmor.d/lxc/根据要求，以下是包含单词 的所有文件的内容mount：

root@host:/etc/apparmor.d/lxc# ll
total 24
drwxr-xr-x 2 root root 4096 Oct  6 13:24 .
drwxr-xr-x 9 root root 4096 Oct  6 13:24 ..
-rw-r--r-- 1 root root  479 Jun 30 05:01 lxc-default
-rw-r--r-- 1 root root  528 Jun 30 05:01 lxc-default-cgns
-rw-r--r-- 1 root root  544 Jun 30 05:01 lxc-default-with-mounting
-rw-r--r-- 1 root root  527 Jun 30 05:01 lxc-default-with-nesting

root@host:/etc/apparmor.d/lxc# cat lxc-default
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts.  If it does, it
  # will remount the host's devpts.  We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,
}



root@host:/etc/apparmor.d/lxc# cat lxc-default-cgns
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts.  If it does, it
  # will remount the host's devpts.  We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}



root@host:/etc/apparmor.d/lxc# cat lxc-default-with-mounting
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

# allow standard blockdevtypes.
# The concern here is in-kernel superblock parsers bringing down the
# host with bad data.  However, we continue to disallow proc, sys, securityfs,
# etc to nonstandard locations.
  mount fstype=ext*,
  mount fstype=xfs,
  mount fstype=btrfs,
}



root@host:/etc/apparmor.d/lxc# cat lxc-default-with-nesting
# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  #include <abstractions/lxc/start-container>

  deny /dev/.lxc/proc/** rw,
  deny /dev/.lxc/sys/** rw,
  mount fstype=proc -> /var/cache/lxc/**,
  mount fstype=sysfs -> /var/cache/lxc/**,
  mount options=(rw,bind),
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}