Commit 04dc71f9 authored by Paul Weil's avatar Paul Weil

retain read only root file system in determineEffectiveSecurityContext

parent e0f7de94
...@@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) * ...@@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *
*effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot *effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot
} }
if containerSc.ReadOnlyRootFilesystem != nil {
effectiveSc.ReadOnlyRootFilesystem = new(bool)
*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
}
return effectiveSc return effectiveSc
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment