diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-03-08 11:24:44 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-08 11:24:44 -0800 |
commit | be6ad02049780027d0c2e1506d9c6bb56d8abd26 (patch) | |
tree | 0b0247c5b8440907467a06809f4e67a0940df9a2 /cmd/podman | |
parent | b3d9540b1621954b63a2db8e53a38b572aadb067 (diff) | |
parent | 754d486da5ff637c20f05ad0aeb23cdc82bbee96 (diff) | |
download | podman-be6ad02049780027d0c2e1506d9c6bb56d8abd26.tar.gz podman-be6ad02049780027d0c2e1506d9c6bb56d8abd26.tar.bz2 podman-be6ad02049780027d0c2e1506d9c6bb56d8abd26.zip |
Merge pull request #2591 from baude/issue2209
podman play kube defaults
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/play_kube.go | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go index 980f3a09c..a9dfee33c 100644 --- a/cmd/podman/play_kube.go +++ b/cmd/podman/play_kube.go @@ -243,15 +243,17 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run containerConfig.Name = containerYAML.Name containerConfig.Tty = containerYAML.TTY containerConfig.WorkDir = containerYAML.WorkingDir - if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { - containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem - } - if containerYAML.SecurityContext.Privileged != nil { - containerConfig.Privileged = *containerYAML.SecurityContext.Privileged - } + if containerConfig.SecurityOpts != nil { + if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { + containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem + } + if containerYAML.SecurityContext.Privileged != nil { + containerConfig.Privileged = *containerYAML.SecurityContext.Privileged + } - if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { - containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation + if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { + containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation + } } containerConfig.Command = containerYAML.Command @@ -268,7 +270,9 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run // disabled in code review per mheon //containerConfig.PidMode = ns.PidMode(namespaces["pid"]) containerConfig.UsernsMode = ns.UsernsMode(namespaces["user"]) - + if len(containerConfig.WorkDir) == 0 { + containerConfig.WorkDir = "/" + } if len(containerYAML.Env) > 0 { envs = make(map[string]string) } |