The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/3632
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Ignore sysfs and proc mounts, which are mounted in LXD containers by default. If they're not ignored, the os.path.exists test will fail. Ignore lxc.cap.drop values that are dropped by default in LXD containers, rather than bailing. Also, add a missing comma at the end of the line for lxc.cap.drop in the list of handled attributes. Signed-off-by: Andrew Wilkins <[email protected]>
From 6b4f03c18cbc4b660fe8bb402c8457f60b3fc55b Mon Sep 17 00:00:00 2001 From: Andrew Wilkins <[email protected]> Date: Fri, 4 Aug 2017 10:46:41 +0800 Subject: [PATCH 1/2] lxc-to-lxd: ignore sysfs/proc mounts These are mounted in LXD containers by default, so just ignore them, to avoid failing in the os.path.exists test below. Signed-off-by: Andrew Wilkins <[email protected]> --- scripts/lxc-to-lxd | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/lxc-to-lxd b/scripts/lxc-to-lxd index c8063b8e7..3be903f7a 100755 --- a/scripts/lxc-to-lxd +++ b/scripts/lxc-to-lxd @@ -399,6 +399,10 @@ def convert_container(lxd_socket, container_name, args): print("Invalid mount configuration, skipping...") return False + # Ignore mounts that are present in LXD containers by default. + if mount[0] in ("proc", "sysfs"): + continue + device = {'type': "disk"} # Deal with read-only mounts From 56815324c8f760b2f6d0df4114a606adfd20acdb Mon Sep 17 00:00:00 2001 From: Andrew Wilkins <[email protected]> Date: Fri, 4 Aug 2017 10:55:09 +0800 Subject: [PATCH 2/2] lxc-to-lxd: ignore capabilities dropped by default These capabilities are dropped by default in LXD containers, so ignore them rather than bailing. Also, add a missing comma at the end of the line for lxc.cap.drop in the list of handled attributes. Signed-off-by: Andrew Wilkins <[email protected]> --- scripts/lxc-to-lxd | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/lxc-to-lxd b/scripts/lxc-to-lxd index 3be903f7a..b9728d346 100755 --- a/scripts/lxc-to-lxd +++ b/scripts/lxc-to-lxd @@ -87,7 +87,7 @@ keys_to_check = [ 'lxc.rebootsignal', 'lxc.stopsignal', 'lxc.mount.entry', - 'lxc.cap.drop' + 'lxc.cap.drop', # 'lxc.cap.keep', 'lxc.seccomp', # 'lxc.se_context', @@ -476,8 +476,12 @@ def convert_container(lxd_socket, container_name, args): print("Processing container capabilities configuration") value = config_get(lxc_config, "lxc.cap.drop") if value: - print("Custom capabilities aren't supported, skipping...") - return False + for cap in value: + # Ignore capabilities that are dropped in LXD containers by default. + if cap in ("mac_admin", "mac_override", "sys_module", "sys_time"): + continue + print("Custom capabilities aren't supported, skipping...") + return False value = config_get(lxc_config, "lxc.cap.keep") if value:
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
