From 04dc71f959a3a075de026e431a389950e11068f4 Mon Sep 17 00:00:00 2001
From: Paul Weil
Date: Thu, 5 May 2016 19:25:58 -0400
Subject: [PATCH] retain read only root file system in determineEffectiveSecurityContext

---
 pkg/securitycontext/provider.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/securitycontext/provider.go b/pkg/securitycontext/provider.go
index f37aa4e017955..e31914960f994 100644
--- a/pkg/securitycontext/provider.go
+++ b/pkg/securitycontext/provider.go
@@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *
 *effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot
 }

+ if containerSc.ReadOnlyRootFilesystem != nil {
+ effectiveSc.ReadOnlyRootFilesystem = new(bool)
+ *effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
+ }
+
 return effectiveSc
 }
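Review bot: The added `ReadOnlyRootFilesystem` branch comes without a test, and the diffstat lists only provider.go, so nothing pins that a container-level read-only root setting survives into the effective context. The function appears to copy fields one branch at a time (the `RunAsNonRoot` copy just above has the same shape), so an omitted field is dropped silently and the container ends up with a writable root filesystem, meaning the hardening fails open rather than closed. A table test that sets each `containerSc` field in turn and asserts it on the returned context would catch the next omission. A short comment above the block would also help, for example `// Every container-level field needs its own copy branch; a missing one silently drops that setting.` The body of DetermineEffectiveSecurityContext starts above the hunk, so whether other fields are still uncopied cannot be confirmed from here.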