Merge pull request #31820 from ehazlett/secrets-restrict

Restrict secret view to node level in controller Upstream-commit: 0fe41cc4db65372f66d79721344522159c173ae5 Component: engine
2017-03-17 14:25:32 +01:00
parent 5060d78d5a 402994850c
commit 996aa3fb64
1 changed files with 1 additions and 1 deletions
--- a/components/engine/daemon/cluster/executor/container/executor.go
+++ b/components/engine/daemon/cluster/executor/container/executor.go
@ -152,7 +152,7 @@ func (e *executor) Controller(t *api.Task) (exec.Controller, error) {
 		return newNetworkAttacherController(e.backend, t, e.secrets)
 	}

-	ctlr, err := newController(e.backend, t, e.secrets)
+	ctlr, err := newController(e.backend, t, secrets.Restrict(e.secrets, t))
 	if err != nil {
 		return nil, err
 	}