From 910bf426e00bc351628d277cbb8d699affce374e Mon Sep 17 00:00:00 2001 From: Derek Su <derek.su@suse.com> Date: Sat, 2 Dec 2023 13:55:33 +0000 Subject: [PATCH] Revert "Run the container of the helper pod in privileged mode" This reverts commit bd0bc3128029ced34de5d350befeb6a941db38f0. Signed-off-by: Derek Su <derek.su@suse.com> --- provisioner.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/provisioner.go b/provisioner.go index 20548ee8..b226a214 100644 --- a/provisioner.go +++ b/provisioner.go @@ -567,7 +567,6 @@ func (p *LocalPathProvisioner) createHelperPod(action ActionType, cmd []string, if o.Node != "" { helperPod.Spec.NodeName = o.Node } - privileged := true helperPod.Spec.ServiceAccountName = p.serviceAccountName helperPod.Spec.RestartPolicy = v1.RestartPolicyNever helperPod.Spec.Tolerations = append(helperPod.Spec.Tolerations, lpvTolerations...) @@ -578,9 +577,6 @@ func (p *LocalPathProvisioner) createHelperPod(action ActionType, cmd []string, "-s", strconv.FormatInt(o.SizeInBytes, 10), "-m", string(o.Mode), "-a", string(action)} - helperPod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{ - Privileged: &privileged, - } // If it already exists due to some previous errors, the pod will be cleaned up later automatically // https://github.com/rancher/local-path-provisioner/issues/27 -- GitLab