From 20cc40a5dc51f0f876098d99f05a71daeaf0edc5 Mon Sep 17 00:00:00 2001
From: Jess Frazelle <me@jessfraz.com>
Date: Thu, 14 Jun 2018 18:05:18 -0400
Subject: [PATCH] ProcMount: add dockershim support

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
---
 pkg/kubelet/dockershim/libdocker/kube_docker_client.go | 4 ++--
 pkg/kubelet/dockershim/security_context.go             | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/kubelet/dockershim/libdocker/kube_docker_client.go b/pkg/kubelet/dockershim/libdocker/kube_docker_client.go
index 02ef40bc797..13a1eab5559 100644
--- a/pkg/kubelet/dockershim/libdocker/kube_docker_client.go
+++ b/pkg/kubelet/dockershim/libdocker/kube_docker_client.go
@@ -205,7 +205,7 @@ func (d *kubeDockerClient) inspectImageRaw(ref string) (*dockertypes.ImageInspec
 		return nil, ctxErr
 	}
 	if err != nil {
-		if dockerapi.IsErrImageNotFound(err) {
+		if dockerapi.IsErrNotFound(err) {
 			err = ImageNotFoundError{ID: ref}
 		}
 		return nil, err
@@ -469,7 +469,7 @@ func (d *kubeDockerClient) StartExec(startExec string, opts dockertypes.ExecStar
 		}
 		return err
 	}
-	resp, err := d.client.ContainerExecAttach(ctx, startExec, dockertypes.ExecConfig{
+	resp, err := d.client.ContainerExecAttach(ctx, startExec, dockertypes.ExecStartCheck{
 		Detach: opts.Detach,
 		Tty:    opts.Tty,
 	})
diff --git a/pkg/kubelet/dockershim/security_context.go b/pkg/kubelet/dockershim/security_context.go
index 343c3876480..e2724357136 100644
--- a/pkg/kubelet/dockershim/security_context.go
+++ b/pkg/kubelet/dockershim/security_context.go
@@ -137,6 +137,9 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
 		hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, "no-new-privileges")
 	}
 
+	hostConfig.MaskedPaths = sc.MaskedPaths
+	hostConfig.ReadonlyPaths = sc.ReadonlyPaths
+
 	return nil
 }