Fix pod sandbox privilege.

Signed-off-by: Lantao Liu <lantaol@google.com>
2026-01-05 07:27:21 +00:00 · 2018-01-29 18:55:40 +00:00
parent 03b3d599fe
commit 18a0e80a33
2 changed files with 15 additions and 1 deletions
--- a/pkg/kubelet/container/helpers.go
+++ b/pkg/kubelet/container/helpers.go
@@ -302,7 +302,7 @@ func GetContainerSpec(pod *v1.Pod, containerName string) *v1.Container {

 // HasPrivilegedContainer returns true if any of the containers in the pod are privileged.
 func HasPrivilegedContainer(pod *v1.Pod) bool {
-	for _, c := range pod.Spec.Containers {
+	for _, c := range append(pod.Spec.Containers, pod.Spec.InitContainers...) {
 		if c.SecurityContext != nil &&
 			c.SecurityContext.Privileged != nil &&
 			*c.SecurityContext.Privileged {