play kube: fix segfault

when securityContext wasn't specified in yaml. add a test as well Signed-off-by: Peter Hunt <pehunt@redhat.com>
author: Peter Hunt <pehunt@redhat.com> 2019-09-06 08:41:02 -0400
committer: Peter Hunt <pehunt@redhat.com> 2019-09-06 08:41:04 -0400
commit: 9259693826fadc773dc3f420e5c9e5d5481548e3 (patch)
tree: 97fd985c8fdb0438f31831cae4dd168457c80867 /pkg
parent: b962b1e3538312f145aea0cf5546ae31f35f635f (diff)
download: podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.gz
podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.bz2
podman-9259693826fadc773dc3f420e5c9e5d5481548e3.zip
1 files changed, 18 insertions, 16 deletions
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index ded805de2..70293a2c5 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -683,25 +683,27 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 		containerConfig.User = imageData.Config.User
 	}
 
-	if containerConfig.SecurityOpts != nil {
-		if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
-			containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
-		}
-		if containerYAML.SecurityContext.Privileged != nil {
-			containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
-		}
+	if containerYAML.SecurityContext != nil {
+		if containerConfig.SecurityOpts != nil {
+			if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
+				containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
+			}
+			if containerYAML.SecurityContext.Privileged != nil {
+				containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
+			}
 
-		if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
-			containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
-		}
+			if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
+				containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+			}
 
-	}
-	if caps := containerYAML.SecurityContext.Capabilities; caps != nil {
-		for _, capability := range caps.Add {
-			containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability))
 		}
-		for _, capability := range caps.Drop {
-			containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability))
+		if caps := containerYAML.SecurityContext.Capabilities; caps != nil {
+			for _, capability := range caps.Add {
+				containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability))
+			}
+			for _, capability := range caps.Drop {
+				containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability))
+			}
 		}
 	}
author	Peter Hunt <pehunt@redhat.com>	2019-09-06 08:41:02 -0400
committer	Peter Hunt <pehunt@redhat.com>	2019-09-06 08:41:04 -0400
commit	9259693826fadc773dc3f420e5c9e5d5481548e3 (patch)
tree	97fd985c8fdb0438f31831cae4dd168457c80867 /pkg
parent	b962b1e3538312f145aea0cf5546ae31f35f635f (diff)
download	podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.gz podman-9259693826fadc773dc3f420e5c9e5d5481548e3.tar.bz2 podman-9259693826fadc773dc3f420e5c9e5d5481548e3.zip