From 42f61795178700199c356f2b2a3468afea8e96bf Mon Sep 17 00:00:00 2001
From: "Dr. Stefan Schimanski"
Date: Tue, 1 Nov 2016 13:21:12 +0100
Subject: [PATCH] dockershim: only set sysctl in infra container

---
 pkg/kubelet/dockershim/docker_container.go | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/pkg/kubelet/dockershim/docker_container.go b/pkg/kubelet/dockershim/docker_container.go
index 74d3abf4a12..29abb13a31e 100644
--- a/pkg/kubelet/dockershim/docker_container.go
+++ b/pkg/kubelet/dockershim/docker_container.go
@@ -125,13 +125,6 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeApi
 Privileged: config.GetPrivileged(),
 }
 
- // Set sysctls if requested
- sysctls, err := getSysctlsFromAnnotations(config.Annotations)
- if err != nil {
- return "", fmt.Errorf("failed to get sysctls from annotations %v for container %q: %v", config.Annotations, config.Metadata.GetName(), err)
- }
- hc.Sysctls = sysctls
-
 // Apply options derived from the sandbox config.
 if lc := sandboxConfig.GetLinux(); lc != nil {
 // Apply Cgroup options.
@@ -176,6 +169,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeApi
 // Note: ShmSize is handled in kube_docker_client.go
 }
 
+ var err error
 hc.SecurityOpt, err = getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)
 if err != nil {
 return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err)
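Review bot: The `var err error` added in the second hunk exists only because the deleted `sysctls, err :=` used to declare `err`, and the standalone declaration can be folded into the call that needs it. I would write `securityOpts, err := getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)` and assign `hc.SecurityOpt = securityOpts` after the error check, so the field is written only when the options were generated successfully. Separately, with the sysctl block gone, CreateContainer no longer parses or rejects sysctl annotations on a container config, and the sandbox-side handling is not visible in this patch. A comment at the removal site such as `// Sysctls are applied on the sandbox (infra) container only; container-level sysctl annotations are ignored here.` would record that for the next reader. CreateContainer's body starts and ends outside both hunks.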