github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Use read-only root filesystem capabilities of appc & rkt

Browse Source
This commit is contained in:
Tamer Tas 2016-05-17 09:42:55 +03:00
parent d6d0a6eb83
commit 239c04d60d
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/kubelet/rkt/rkt.go
View File

@ -764,9 +764,10 @@ func (r *Runtime) newAppcRuntimeApp(pod *api.Pod, c api.Container, pullSecrets [
} }
ra := appcschema.RuntimeApp{ ra := appcschema.RuntimeApp{
Name: convertToACName(c.Name), Name: convertToACName(c.Name),
Image: appcschema.RuntimeImage{ID: *hash}, Image: appcschema.RuntimeImage{ID: *hash},
App: imgManifest.App, App: imgManifest.App,
ReadOnlyRootFS: *c.SecurityContext.ReadOnlyRootFilesystem,
Annotations: []appctypes.Annotation{ Annotations: []appctypes.Annotation{
{ {
Name: *appctypes.MustACIdentifier(k8sRktContainerHashAnno), Name: *appctypes.MustACIdentifier(k8sRktContainerHashAnno),