[lxc-devel] [lxd/master] lxc-to-lxd: permit defaults in lxc.mount.entry and lxc.cap.drop

axw on Github lxc-bot at linuxcontainers.org
Fri Aug 4 03:00:33 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 693 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170804/8cc8f927/attachment.bin>
-------------- next part --------------
From 6b4f03c18cbc4b660fe8bb402c8457f60b3fc55b Mon Sep 17 00:00:00 2001
From: Andrew Wilkins <axwalk at gmail.com>
Date: Fri, 4 Aug 2017 10:46:41 +0800
Subject: [PATCH 1/2] lxc-to-lxd: ignore sysfs/proc mounts

These are mounted in LXD containers by default,
so just ignore them, to avoid failing in the
os.path.exists test below.

Signed-off-by: Andrew Wilkins <axwalk at gmail.com>
---
 scripts/lxc-to-lxd | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/lxc-to-lxd b/scripts/lxc-to-lxd
index c8063b8e7..3be903f7a 100755
--- a/scripts/lxc-to-lxd
+++ b/scripts/lxc-to-lxd
@@ -399,6 +399,10 @@ def convert_container(lxd_socket, container_name, args):
             print("Invalid mount configuration, skipping...")
             return False
 
+        # Ignore mounts that are present in LXD containers by default.
+        if mount[0] in ("proc", "sysfs"):
+            continue
+
         device = {'type': "disk"}
 
         # Deal with read-only mounts

From 56815324c8f760b2f6d0df4114a606adfd20acdb Mon Sep 17 00:00:00 2001
From: Andrew Wilkins <axwalk at gmail.com>
Date: Fri, 4 Aug 2017 10:55:09 +0800
Subject: [PATCH 2/2] lxc-to-lxd: ignore capabilities dropped by default

These capabilities are dropped by default in LXD
containers, so ignore them rather than bailing.

Also, add a missing comma at the end of the line for
lxc.cap.drop in the list of handled attributes.

Signed-off-by: Andrew Wilkins <axwalk at gmail.com>
---
 scripts/lxc-to-lxd | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/scripts/lxc-to-lxd b/scripts/lxc-to-lxd
index 3be903f7a..b9728d346 100755
--- a/scripts/lxc-to-lxd
+++ b/scripts/lxc-to-lxd
@@ -87,7 +87,7 @@ keys_to_check = [
     'lxc.rebootsignal',
     'lxc.stopsignal',
     'lxc.mount.entry',
-    'lxc.cap.drop'
+    'lxc.cap.drop',
     # 'lxc.cap.keep',
     'lxc.seccomp',
     # 'lxc.se_context',
@@ -476,8 +476,12 @@ def convert_container(lxd_socket, container_name, args):
     print("Processing container capabilities configuration")
     value = config_get(lxc_config, "lxc.cap.drop")
     if value:
-        print("Custom capabilities aren't supported, skipping...")
-        return False
+        for cap in value:
+            # Ignore capabilities that are dropped in LXD containers by default.
+            if cap in ("mac_admin", "mac_override", "sys_module", "sys_time"):
+                continue
+            print("Custom capabilities aren't supported, skipping...")
+            return False
 
     value = config_get(lxc_config, "lxc.cap.keep")
     if value:

More information about the lxc-devel mailing list