summaryrefslogtreecommitdiff
path: root/pkg/adapter/pods.go
diff options
context:
space:
mode:
authorPeter Hunt <pehunt@redhat.com>2019-09-06 08:41:02 -0400
committerPeter Hunt <pehunt@redhat.com>2019-09-06 08:41:04 -0400
commit9259693826fadc773dc3f420e5c9e5d5481548e3 (patch)
tree97fd985c8fdb0438f31831cae4dd168457c80867 /pkg/adapter/pods.go
parentb962b1e3538312f145aea0cf5546ae31f35f635f (diff)
downloadpodman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.gz
podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.bz2
podman-9259693826fadc773dc3f420e5c9e5d5481548e3.zip
play kube: fix segfault
when securityContext wasn't specified in yaml. add a test as well Signed-off-by: Peter Hunt <pehunt@redhat.com>
Diffstat (limited to 'pkg/adapter/pods.go')
-rw-r--r--pkg/adapter/pods.go34
1 files changed, 18 insertions, 16 deletions
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index ded805de2..70293a2c5 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -683,25 +683,27 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
containerConfig.User = imageData.Config.User
}
- if containerConfig.SecurityOpts != nil {
- if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
- containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
- }
- if containerYAML.SecurityContext.Privileged != nil {
- containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
- }
+ if containerYAML.SecurityContext != nil {
+ if containerConfig.SecurityOpts != nil {
+ if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
+ containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
+ }
+ if containerYAML.SecurityContext.Privileged != nil {
+ containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
+ }
- if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
- containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
- }
+ if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
+ containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ }
- }
- if caps := containerYAML.SecurityContext.Capabilities; caps != nil {
- for _, capability := range caps.Add {
- containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability))
}
- for _, capability := range caps.Drop {
- containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability))
+ if caps := containerYAML.SecurityContext.Capabilities; caps != nil {
+ for _, capability := range caps.Add {
+ containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability))
+ }
+ for _, capability := range caps.Drop {
+ containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability))
+ }
}
}