diff options
author | Peter Hunt <pehunt@redhat.com> | 2019-09-06 08:41:02 -0400 |
---|---|---|
committer | Peter Hunt <pehunt@redhat.com> | 2019-09-06 08:41:04 -0400 |
commit | 9259693826fadc773dc3f420e5c9e5d5481548e3 (patch) | |
tree | 97fd985c8fdb0438f31831cae4dd168457c80867 /pkg/adapter/pods.go | |
parent | b962b1e3538312f145aea0cf5546ae31f35f635f (diff) | |
download | podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.gz podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.bz2 podman-9259693826fadc773dc3f420e5c9e5d5481548e3.zip |
play kube: fix segfault
when securityContext wasn't specified in yaml.
add a test as well
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Diffstat (limited to 'pkg/adapter/pods.go')
-rw-r--r-- | pkg/adapter/pods.go | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index ded805de2..70293a2c5 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -683,25 +683,27 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container containerConfig.User = imageData.Config.User } - if containerConfig.SecurityOpts != nil { - if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { - containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem - } - if containerYAML.SecurityContext.Privileged != nil { - containerConfig.Privileged = *containerYAML.SecurityContext.Privileged - } + if containerYAML.SecurityContext != nil { + if containerConfig.SecurityOpts != nil { + if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { + containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem + } + if containerYAML.SecurityContext.Privileged != nil { + containerConfig.Privileged = *containerYAML.SecurityContext.Privileged + } - if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { - containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation - } + if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { + containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation + } - } - if caps := containerYAML.SecurityContext.Capabilities; caps != nil { - for _, capability := range caps.Add { - containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability)) } - for _, capability := range caps.Drop { - containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability)) + if caps := containerYAML.SecurityContext.Capabilities; caps != nil { + for _, capability := range caps.Add { + containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability)) + } + for _, capability := range caps.Drop { + containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability)) + } } } |