github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #25719 from tmrts/rk8s/read-only-rootfs

Browse Source 
Automatic merge from submit-queue

Use read-only root filesystem capabilities of rkt

Propagates `api.Container.SecurityContext.ReadOnlyRootFileSystem` flag to rkt container runtime.

cc @yifan-gu 

Fixes #23837
This commit is contained in:
k8s-merge-robot 2016-05-25 17:58:03 -07:00
commit e7022106ff
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/kubelet/rkt/rkt.go
View File

@ -784,9 +784,10 @@ func (r *Runtime) newAppcRuntimeApp(pod *api.Pod, c api.Container, requiresPrivi
} }
ra := appcschema.RuntimeApp{ ra := appcschema.RuntimeApp{
Name: convertToACName(c.Name), Name: convertToACName(c.Name),
Image: appcschema.RuntimeImage{ID: *hash}, Image: appcschema.RuntimeImage{ID: *hash},
App: imgManifest.App, App: imgManifest.App,
ReadOnlyRootFS: *c.SecurityContext.ReadOnlyRootFilesystem,
Annotations: []appctypes.Annotation{ Annotations: []appctypes.Annotation{
{ {
Name: *appctypes.MustACIdentifier(k8sRktContainerHashAnno), Name: *appctypes.MustACIdentifier(k8sRktContainerHashAnno),