Skip to content

Commit

Permalink
Merge pull request #2310 from baude/issue2304
Browse files Browse the repository at this point in the history
lock and sync container before checking mountpoint
  • Loading branch information
openshift-merge-robot authored Feb 11, 2019
2 parents 8440b07 + 440dd8c commit 112a5ab
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions libpod/kube.go
Original file line number Diff line number Diff line change
Expand Up @@ -401,7 +401,7 @@ func capAddDrop(caps *specs.LinuxCapabilities) (*v1.Capabilities, error) {
func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) {
priv := c.Privileged()
ro := c.IsReadOnly()
allowPrivEscalation := !c.Spec().Process.NoNewPrivileges
allowPrivEscalation := !c.config.Spec.Process.NoNewPrivileges

newCaps, err := capAddDrop(c.config.Spec.Process.Capabilities)
if err != nil {
Expand All @@ -421,7 +421,13 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) {
}

if c.User() != "" {
// It is *possible* that
if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
}
if err := c.syncContainer(); err != nil {
return nil, errors.Wrapf(err, "unable to sync container during YAML generation")
}
logrus.Debugf("Looking in container for user: %s", c.User())
u, err := lookup.GetUser(c.state.Mountpoint, c.User())
if err != nil {
Expand Down

0 comments on commit 112a5ab

Please sign in to comment.