From a9bfcbb0ab4e187c343f873586ffa9daea2003e6 Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Tue, 23 Jan 2018 16:51:03 -0700
Subject: [PATCH] UPSTREAM: 58720: Ensure that the runtime mounts RO volumes read-only
---
 vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_pods.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_pods.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_pods.go
index 6241f4ba3406..2c4b0215dcbc 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_pods.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_pods.go
@@ -253,7 +253,7 @@ func makeMounts(pod *v1.Pod, podDir string, container *v1.Container, hostName, h
 Name: mount.Name,
 ContainerPath: containerPath,
 HostPath: hostPath,
- ReadOnly: mount.ReadOnly,
+ ReadOnly: mount.ReadOnly || vol.Mounter.GetAttributes().ReadOnly,
 SELinuxRelabel: relabelVolume,
 Propagation: propagation,
 })
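Review bot: The new `vol.Mounter.GetAttributes()` call in the `ReadOnly:` field dereferences `vol.Mounter` with no nil check visible in this hunk; makeMounts starts and ends outside the hunk, so confirm that an earlier guard rejects a volume whose mounter is nil before this struct literal is built. The line would also benefit from a comment stating the intent, for example `// Read-only if either the container's volumeMount or the volume itself is read-only, so the runtime enforces it.` The diffstat lists a single changed file, so no test accompanies the change; a makeMounts case with `mount.ReadOnly` false and the volume's attributes reporting read-only would pin the behaviour. Note that enforcement presumably depends on each volume plugin reporting `ReadOnly` accurately from `GetAttributes()`, which is worth verifying for the plugins this fix is meant to cover.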