summaryrefslogtreecommitdiff
path: root/libpod/kube.go
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2019-02-11 09:07:34 -0600
committerbaude <bbaude@redhat.com>2019-02-11 09:20:30 -0600
commit440dd8c2ed5127d657e06e10b48b9ee8d423a799 (patch)
tree4c5ac398979a6e548d8646f7f746bf6ab36757f7 /libpod/kube.go
parentacf2e913730a27fcdc3fcd7c160aa19e071dde36 (diff)
downloadpodman-440dd8c2ed5127d657e06e10b48b9ee8d423a799.tar.gz
podman-440dd8c2ed5127d657e06e10b48b9ee8d423a799.tar.bz2
podman-440dd8c2ed5127d657e06e10b48b9ee8d423a799.zip
lock and sync container before checking mountpoint
when checking for a container's mountpoint, you must lock and sync the container or the result may be "". Fixes: #2304 Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'libpod/kube.go')
-rw-r--r--libpod/kube.go10
1 files changed, 8 insertions, 2 deletions
diff --git a/libpod/kube.go b/libpod/kube.go
index f34805e39..16cebf99b 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -401,7 +401,7 @@ func capAddDrop(caps *specs.LinuxCapabilities) (*v1.Capabilities, error) {
func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) {
priv := c.Privileged()
ro := c.IsReadOnly()
- allowPrivEscalation := !c.Spec().Process.NoNewPrivileges
+ allowPrivEscalation := !c.config.Spec.Process.NoNewPrivileges
newCaps, err := capAddDrop(c.config.Spec.Process.Capabilities)
if err != nil {
@@ -421,7 +421,13 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) {
}
if c.User() != "" {
- // It is *possible* that
+ if !c.batched {
+ c.lock.Lock()
+ defer c.lock.Unlock()
+ }
+ if err := c.syncContainer(); err != nil {
+ return nil, errors.Wrapf(err, "unable to sync container during YAML generation")
+ }
logrus.Debugf("Looking in container for user: %s", c.User())
u, err := lookup.GetUser(c.state.Mountpoint, c.User())
if err != nil {