summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2019-03-08 12:35:12 -0600
committerbaude <bbaude@redhat.com>2019-03-08 12:36:25 -0600
commit754d486da5ff637c20f05ad0aeb23cdc82bbee96 (patch)
tree58ac5621409c74f8aa9e479d611acb74bf742711 /cmd/podman
parent5ae7359184a20859d775bc59f1b1c53348b04ecd (diff)
downloadpodman-754d486da5ff637c20f05ad0aeb23cdc82bbee96.tar.gz
podman-754d486da5ff637c20f05ad0aeb23cdc82bbee96.tar.bz2
podman-754d486da5ff637c20f05ad0aeb23cdc82bbee96.zip
podman play kube defaults
if an input YAML file lacks securitycontext and working dir for a container, we need to be able to handle that. if no default for working dir is provided, we use a default of "/". fixes issue #2209 Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/play_kube.go22
1 files changed, 13 insertions, 9 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index 980f3a09c..a9dfee33c 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -243,15 +243,17 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
containerConfig.Name = containerYAML.Name
containerConfig.Tty = containerYAML.TTY
containerConfig.WorkDir = containerYAML.WorkingDir
- if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
- containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
- }
- if containerYAML.SecurityContext.Privileged != nil {
- containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
- }
+ if containerConfig.SecurityOpts != nil {
+ if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
+ containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
+ }
+ if containerYAML.SecurityContext.Privileged != nil {
+ containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
+ }
- if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
- containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
+ containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ }
}
containerConfig.Command = containerYAML.Command
@@ -268,7 +270,9 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
// disabled in code review per mheon
//containerConfig.PidMode = ns.PidMode(namespaces["pid"])
containerConfig.UsernsMode = ns.UsernsMode(namespaces["user"])
-
+ if len(containerConfig.WorkDir) == 0 {
+ containerConfig.WorkDir = "/"
+ }
if len(containerYAML.Env) > 0 {
envs = make(map[string]string)
}