From ecfd8f723f00068a66778f4819d30eedac532395 Mon Sep 17 00:00:00 2001
From: Euan Kemp <euank@coreos.com>
Date: Thu, 26 May 2016 20:33:46 -0700
Subject: [PATCH] rkt: Fix panic in setting ReadOnlyRootFS

---
 pkg/kubelet/rkt/rkt.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/pkg/kubelet/rkt/rkt.go b/pkg/kubelet/rkt/rkt.go
index 10ad9077c6e..8642554d33d 100644
--- a/pkg/kubelet/rkt/rkt.go
+++ b/pkg/kubelet/rkt/rkt.go
@@ -784,10 +784,9 @@ func (r *Runtime) newAppcRuntimeApp(pod *api.Pod, c api.Container, requiresPrivi
 	}
 
 	ra := appcschema.RuntimeApp{
-		Name:           convertToACName(c.Name),
-		Image:          appcschema.RuntimeImage{ID: *hash},
-		App:            imgManifest.App,
-		ReadOnlyRootFS: *c.SecurityContext.ReadOnlyRootFilesystem,
+		Name:  convertToACName(c.Name),
+		Image: appcschema.RuntimeImage{ID: *hash},
+		App:   imgManifest.App,
 		Annotations: []appctypes.Annotation{
 			{
 				Name:  *appctypes.MustACIdentifier(k8sRktContainerHashAnno),
@@ -796,6 +795,10 @@ func (r *Runtime) newAppcRuntimeApp(pod *api.Pod, c api.Container, requiresPrivi
 		},
 	}
 
+	if c.SecurityContext != nil && c.SecurityContext.ReadOnlyRootFilesystem != nil {
+		ra.ReadOnlyRootFS = *c.SecurityContext.ReadOnlyRootFilesystem
+	}
+
 	if mnt != nil {
 		ra.Annotations = append(ra.Annotations, appctypes.Annotation{
 			Name:  *appctypes.MustACIdentifier(k8sRktTerminationMessagePathAnno),