From d4616759411a06a69aa1f6f9b88b32db3eceeb11 Mon Sep 17 00:00:00 2001 From: Gin Date: Mon, 13 Nov 2017 16:06:00 +0800 Subject: [PATCH] Update propagation.md --- contributors/design-proposals/node/propagation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contributors/design-proposals/node/propagation.md b/contributors/design-proposals/node/propagation.md index 3c665552935..94b61852719 100644 --- a/contributors/design-proposals/node/propagation.md +++ b/contributors/design-proposals/node/propagation.md @@ -189,7 +189,7 @@ Opinion against this: 1. It's not possible to validate a pod + mount propagation. Mount propagation is stored in a HostPath PersistentVolume object, while privileged mode is stored in Pod object. Validator sees only one object and we don't do - cross-object validation and can't reject non-provileged pod that uses a PV +   cross-object validation and can't reject non-privileged pod that uses a PV with shared mount propagation. ### Make HostPath shared for privileged containers, slave for non-privileged.