PodSecurityPolicy: only set runAsNonRoot when runAsUser is nil

pull/6/head
Jordan Liggitt 2017-10-06 17:08:24 -04:00
parent b45b809f4c
commit 59510caaf3
No known key found for this signature in database
GPG Key ID: 39928704103C7229
1 changed files with 1 additions and 1 deletions


@ -160,7 +160,7 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container
// if we're using the non-root strategy set the marker that this container should not be // if we're using the non-root strategy set the marker that this container should not be
// run as root which will signal to the kubelet to do a final check either on the runAsUser // run as root which will signal to the kubelet to do a final check either on the runAsUser
// or, if runAsUser is not set, the image UID will be checked. // or, if runAsUser is not set, the image UID will be checked.
if sc.RunAsNonRoot == nil && s.psp.Spec.RunAsUser.Rule == extensions.RunAsUserStrategyMustRunAsNonRoot { if sc.RunAsNonRoot == nil && sc.RunAsUser == nil && s.psp.Spec.RunAsUser.Rule == extensions.RunAsUserStrategyMustRunAsNonRoot {
nonRoot := true nonRoot := true
sc.RunAsNonRoot = &nonRoot sc.RunAsNonRoot = &nonRoot
} }
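Review bot: The comment above the changed condition is now out of step with the code: it still says the marker makes the kubelet check "either on the runAsUser or, if runAsUser is not set, the image UID", but with `sc.RunAsUser == nil` added the marker is only defaulted when no UID was specified, so only the image-UID case remains. I would reword it along the lines of `// if we're using the non-root strategy and no runAsUser is set, mark the container runAsNonRoot so the kubelet checks the image UID`. A container that explicitly sets `runAsUser: 0` under MustRunAsNonRoot no longer receives the defaulted marker, so refusing it presumably depends on the strategy's validation, which is not visible in this hunk. A test case pinning that such a pod is still rejected by this policy would make that dependency explicit. CreateContainerSecurityContext begins and ends outside the hunk.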