Add support for kube securityContext\.procMount

Fixes: https://github.com/containers/podman/issues/19881 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-06-25 20:26:51 +08:00 · 2023-09-06 16:49:38 -04:00
parent c17c190f89
commit b83485022d
5 changed files with 30 additions and 1 deletions
--- a/libpod/kube.go
+++ b/libpod/kube.go
@ -1220,6 +1220,12 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, bool, error
 		scHasData = true
 		sc.ReadOnlyRootFilesystem = &ro
 	}
+	if c.config.Spec.Linux.MaskedPaths == nil {
+		scHasData = true
+		unmask := v1.UnmaskedProcMount
+		sc.ProcMount = &unmask
+	}
+
 	if c.User() != "" {
 		if !c.batched {
 			c.lock.Lock()