summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-03-08 11:24:44 -0800
committerGitHub <noreply@github.com>2019-03-08 11:24:44 -0800
commitbe6ad02049780027d0c2e1506d9c6bb56d8abd26 (patch)
tree0b0247c5b8440907467a06809f4e67a0940df9a2 /cmd/podman
parentb3d9540b1621954b63a2db8e53a38b572aadb067 (diff)
parent754d486da5ff637c20f05ad0aeb23cdc82bbee96 (diff)
downloadpodman-be6ad02049780027d0c2e1506d9c6bb56d8abd26.tar.gz
podman-be6ad02049780027d0c2e1506d9c6bb56d8abd26.tar.bz2
podman-be6ad02049780027d0c2e1506d9c6bb56d8abd26.zip
Merge pull request #2591 from baude/issue2209
podman play kube defaults
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/play_kube.go22
1 files changed, 13 insertions, 9 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index 980f3a09c..a9dfee33c 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -243,15 +243,17 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
containerConfig.Name = containerYAML.Name
containerConfig.Tty = containerYAML.TTY
containerConfig.WorkDir = containerYAML.WorkingDir
- if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
- containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
- }
- if containerYAML.SecurityContext.Privileged != nil {
- containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
- }
+ if containerConfig.SecurityOpts != nil {
+ if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
+ containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
+ }
+ if containerYAML.SecurityContext.Privileged != nil {
+ containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
+ }
- if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
- containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
+ containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ }
}
containerConfig.Command = containerYAML.Command
@@ -268,7 +270,9 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
// disabled in code review per mheon
//containerConfig.PidMode = ns.PidMode(namespaces["pid"])
containerConfig.UsernsMode = ns.UsernsMode(namespaces["user"])
-
+ if len(containerConfig.WorkDir) == 0 {
+ containerConfig.WorkDir = "/"
+ }
if len(containerYAML.Env) > 0 {
envs = make(map[string]string)
}