mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-10-23 02:23:53 +00:00
Code Issues Projects Releases Wiki Activity

set fsGroupChangePolicy

Browse source
This commit is contained in:
pat-s 2024-10-02 13:26:38 +02:00
parent 34fd3849d9
commit 3c7e071a56
No known key found for this signature in database
GPG key ID: 3C6318841EF78925
1 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pipeline/backend/kubernetes/pod.go
View file

@ -415,11 +415,15 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
// if unset, set fsGroup to 1000 by default to support non-root images
if sc.FSGroup == nil {
fsGroup = newInt64(1000)
// do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly
// if sc.FSGroupChangePolicy == nil {
// policy := v1.PodFSGroupChangePolicyOnRootMismatch
// fsGroupChangePolicy = &policy
// }
do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly
if sc.FSGroupChangePolicy == nil {
policy := v1.PodFSGroupChangePolicyOnRootMismatch
}
fsGroupChangePolicy = &policy
}
else {
fsGroupChangePolicy = sc.FSGroupChangePolicy
}
}
seccomp = seccompProfile(sc.SeccompProfile)
@ -435,7 +439,7 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
RunAsUser: user,
RunAsGroup: group,
FSGroup: fsGroup,
// FSGroupChangePolicy: fsGroupChangePolicy,
FSGroupChangePolicy: fsGroupChangePolicy,
SeccompProfile: seccomp,
AppArmorProfile: apparmor,
}