mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-10-23 02:23:53 +00:00
set fsGroupChangePolicy
This commit is contained in:
parent
34fd3849d9
commit
3c7e071a56
1 changed files with 10 additions and 6 deletions
|
@ -415,11 +415,15 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
|
||||||
// if unset, set fsGroup to 1000 by default to support non-root images
|
// if unset, set fsGroup to 1000 by default to support non-root images
|
||||||
if sc.FSGroup == nil {
|
if sc.FSGroup == nil {
|
||||||
fsGroup = newInt64(1000)
|
fsGroup = newInt64(1000)
|
||||||
// do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly
|
do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly
|
||||||
// if sc.FSGroupChangePolicy == nil {
|
if sc.FSGroupChangePolicy == nil {
|
||||||
// policy := v1.PodFSGroupChangePolicyOnRootMismatch
|
policy := v1.PodFSGroupChangePolicyOnRootMismatch
|
||||||
// fsGroupChangePolicy = &policy
|
}
|
||||||
// }
|
fsGroupChangePolicy = &policy
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
fsGroupChangePolicy = sc.FSGroupChangePolicy
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
seccomp = seccompProfile(sc.SeccompProfile)
|
seccomp = seccompProfile(sc.SeccompProfile)
|
||||||
|
@ -435,7 +439,7 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
|
||||||
RunAsUser: user,
|
RunAsUser: user,
|
||||||
RunAsGroup: group,
|
RunAsGroup: group,
|
||||||
FSGroup: fsGroup,
|
FSGroup: fsGroup,
|
||||||
// FSGroupChangePolicy: fsGroupChangePolicy,
|
FSGroupChangePolicy: fsGroupChangePolicy,
|
||||||
SeccompProfile: seccomp,
|
SeccompProfile: seccomp,
|
||||||
AppArmorProfile: apparmor,
|
AppArmorProfile: apparmor,
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue