diff options
| author | baude <bbaude@redhat.com> | 2019-03-08 12:35:12 -0600 |
|---|---|---|
| committer | baude <bbaude@redhat.com> | 2019-03-08 12:36:25 -0600 |
| commit | 754d486da5ff637c20f05ad0aeb23cdc82bbee96 (patch) | |
| tree | 58ac5621409c74f8aa9e479d611acb74bf742711 /cmd | |
| parent | 5ae7359184a20859d775bc59f1b1c53348b04ecd (diff) | |
| download | podman-754d486da5ff637c20f05ad0aeb23cdc82bbee96.tar.gz podman-754d486da5ff637c20f05ad0aeb23cdc82bbee96.tar.bz2 podman-754d486da5ff637c20f05ad0aeb23cdc82bbee96.zip | |
podman play kube defaults
if an input YAML file lacks securitycontext and working dir for
a container, we need to be able to handle that. if no default for
working dir is provided, we use a default of "/".
fixes issue #2209
Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/podman/play_kube.go | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go index 980f3a09c..a9dfee33c 100644 --- a/cmd/podman/play_kube.go +++ b/cmd/podman/play_kube.go @@ -243,15 +243,17 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run containerConfig.Name = containerYAML.Name containerConfig.Tty = containerYAML.TTY containerConfig.WorkDir = containerYAML.WorkingDir - if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { - containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem - } - if containerYAML.SecurityContext.Privileged != nil { - containerConfig.Privileged = *containerYAML.SecurityContext.Privileged - } + if containerConfig.SecurityOpts != nil { + if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { + containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem + } + if containerYAML.SecurityContext.Privileged != nil { + containerConfig.Privileged = *containerYAML.SecurityContext.Privileged + } - if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { - containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation + if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { + containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation + } } containerConfig.Command = containerYAML.Command @@ -268,7 +270,9 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run // disabled in code review per mheon //containerConfig.PidMode = ns.PidMode(namespaces["pid"]) containerConfig.UsernsMode = ns.UsernsMode(namespaces["user"]) - + if len(containerConfig.WorkDir) == 0 { + containerConfig.WorkDir = "/" + } if len(containerYAML.Env) > 0 { envs = make(map[string]string) } |