1. origin
  2. Commit 70749c5edb671f8db8597e64fe8aef67968d5d12
Browse code

WIP: Enable FSGroup in restricted and hostNS SCCs

Paul Morie authored on 2016/02/16 16:19:04
Showing 1 changed files
pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
History View file @ 70749c5
... ... 
@@ -169,7 +169,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
169 169 
 				Type: kapi.RunAsUserStrategyMustRunAsRange,
170 170 
 			},
171 171 
 			FSGroup: kapi.FSGroupStrategyOptions{
172 
-				Type: kapi.FSGroupStrategyRunAsAny,
172 
+				Type: kapi.FSGroupStrategyMustRunAs,
173 173 
 			},
174 174 
 			SupplementalGroups: kapi.SupplementalGroupsStrategyOptions{
175 175 
 				Type: kapi.SupplementalGroupsStrategyRunAsAny,
... ... 
@@ -197,7 +197,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
197 197 
 				Type: kapi.RunAsUserStrategyMustRunAsRange,
198 198 
 			},
199 199 
 			FSGroup: kapi.FSGroupStrategyOptions{
200 
-				Type: kapi.FSGroupStrategyRunAsAny,
200 
+				Type: kapi.FSGroupStrategyMustRunAs,
201 201 
 			},
202 202 
 			SupplementalGroups: kapi.SupplementalGroupsStrategyOptions{
203 203 
 				Type: kapi.SupplementalGroupsStrategyRunAsAny,