From 071c66a01199814f03f8f1a99f2c78a332fc55d7 Mon Sep 17 00:00:00 2001
From: Seth Jennings <sjenning@redhat.com>
Date: Mon, 30 Jan 2017 13:51:00 -0600
Subject: [PATCH] fix nil deref in exec admission

---
 plugin/pkg/admission/exec/admission.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugin/pkg/admission/exec/admission.go b/plugin/pkg/admission/exec/admission.go
index e82bb020e8..610b3feb9a 100644
--- a/plugin/pkg/admission/exec/admission.go
+++ b/plugin/pkg/admission/exec/admission.go
@@ -110,7 +110,7 @@ func (d *denyExec) Admit(a admission.Attributes) (err error) {
 // isPrivileged will return true a pod has any privileged containers
 func isPrivileged(pod *api.Pod) bool {
 	for _, c := range pod.Spec.InitContainers {
-		if c.SecurityContext == nil {
+		if c.SecurityContext == nil || c.SecurityContext.Privileged == nil {
 			continue
 		}
 		if *c.SecurityContext.Privileged {
@@ -118,7 +118,7 @@ func isPrivileged(pod *api.Pod) bool {
 		}
 	}
 	for _, c := range pod.Spec.Containers {
-		if c.SecurityContext == nil {
+		if c.SecurityContext == nil || c.SecurityContext.Privileged == nil {
 			continue
 		}
 		if *c.SecurityContext.Privileged {