UPSTREAM: 22857: partial - ensure DetermineEffectiveSC retains the container setting for readonlyrootfs

Paul Weil · deads2k · commit c16bf6eb307f · 2016-04-12T15:13:54.000-04:00
:100644 100644 9bd5b16... de6a16d... M	pkg/securitycontext/provider.go
diff --git a/pkg/securitycontext/provider.go b/pkg/securitycontext/provider.go
@@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *
 		*effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot
 	}
 
+	if containerSc.ReadOnlyRootFilesystem != nil {
+		effectiveSc.ReadOnlyRootFilesystem = new(bool)
+		*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
+	}
+
 	return effectiveSc
 }
 

Original file line number	Diff line number	Diff line change
`@@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod api.Pod, container api.Container) *`
`159`	`159`	`effectiveSc.RunAsNonRoot = containerSc.RunAsNonRoot`
`160`	`160`	`}`
`161`	`161`
	`162`	`+ if containerSc.ReadOnlyRootFilesystem != nil {`
	`163`	`+ effectiveSc.ReadOnlyRootFilesystem = new(bool)`
	`164`	`+ effectiveSc.ReadOnlyRootFilesystem = containerSc.ReadOnlyRootFilesystem`
	`165`	`+ }`
	`166`	`+`
`162`	`167`	`return effectiveSc`
`163`	`168`	`}`
`164`	`169`