From ecfd8f723f00068a66778f4819d30eedac532395 Mon Sep 17 00:00:00 2001 From: Euan Kemp Date: Thu, 26 May 2016 20:33:46 -0700 Subject: [PATCH] rkt: Fix panic in setting ReadOnlyRootFS --- pkg/kubelet/rkt/rkt.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pkg/kubelet/rkt/rkt.go b/pkg/kubelet/rkt/rkt.go index 10ad9077c6e..8642554d33d 100644 --- a/pkg/kubelet/rkt/rkt.go +++ b/pkg/kubelet/rkt/rkt.go @@ -784,10 +784,9 @@ func (r *Runtime) newAppcRuntimeApp(pod *api.Pod, c api.Container, requiresPrivi } ra := appcschema.RuntimeApp{ - Name: convertToACName(c.Name), - Image: appcschema.RuntimeImage{ID: *hash}, - App: imgManifest.App, - ReadOnlyRootFS: *c.SecurityContext.ReadOnlyRootFilesystem, + Name: convertToACName(c.Name), + Image: appcschema.RuntimeImage{ID: *hash}, + App: imgManifest.App, Annotations: []appctypes.Annotation{ { Name: *appctypes.MustACIdentifier(k8sRktContainerHashAnno), @@ -796,6 +795,10 @@ func (r *Runtime) newAppcRuntimeApp(pod *api.Pod, c api.Container, requiresPrivi }, } + if c.SecurityContext != nil && c.SecurityContext.ReadOnlyRootFilesystem != nil { + ra.ReadOnlyRootFS = *c.SecurityContext.ReadOnlyRootFilesystem + } + if mnt != nil { ra.Annotations = append(ra.Annotations, appctypes.Annotation{ Name: *appctypes.MustACIdentifier(k8sRktTerminationMessagePathAnno),