github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

retain read only root file system in determineEffectiveSecurityContext

Browse Source
This commit is contained in:
Paul Weil 2016-05-05 19:25:58 -04:00
parent e0f7de94f5
commit 04dc71f959
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/securitycontext/provider.go
View File

@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *
*effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot *effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot
} }
if containerSc.ReadOnlyRootFilesystem != nil {
effectiveSc.ReadOnlyRootFilesystem = new(bool)
*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
}
return effectiveSc return effectiveSc
} }