Skip to content

Commit

Permalink
SecurityContextConstraints: only set runAsNonRoot when runAsUser is nil.
Browse files Browse the repository at this point in the history
  • Loading branch information
@php-coder
php-coder committed Dec 18, 2017
1 parent 5b2b98f commit 014f66d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/security/securitycontextconstraints/provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container
// if we're using the non-root strategy set the marker that this container should not be
// run as root which will signal to the kubelet to do a final check either on the runAsUser
// or, if runAsUser is not set, the image
if s.scc.RunAsUser.Type == securityapi.RunAsUserStrategyMustRunAsNonRoot {
if sc.RunAsNonRoot == nil && sc.RunAsUser == nil && s.scc.RunAsUser.Type == securityapi.RunAsUserStrategyMustRunAsNonRoot {
nonRoot := true
sc.RunAsNonRoot = &nonRoot
}
Expand Down

0 comments on commit 014f66d

Please sign in to comment.