From fc90bc13db672cec19320a0d9d7d4ce298038f3f Mon Sep 17 00:00:00 2001
From: Matt Oswalt
Date: Thu, 22 Oct 2020 16:32:59 -0700
Subject: [PATCH] Minor fix to bools for pod privileged mode
Signed-off-by: Matt Oswalt
---
 scheduler/pods.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/scheduler/pods.go b/scheduler/pods.go
index 7b2e2a0f..f0dc78e4 100644
--- a/scheduler/pods.go
+++ b/scheduler/pods.go
@@ -158,10 +158,13 @@ func (s *AntidoteScheduler) createPod(sc ot.SpanContext, ep *models.LiveEndpoint
 }
 }
 
+ t := true
+ f := false
+
 // See the EndpointImage model in db/models for a definition of these flavors
 switch flavor {
 case models.FlavorTrusted:
- t := true
+
 pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
 Privileged: &t,
 AllowPrivilegeEscalation: &t,
@@ -176,10 +179,9 @@ func (s *AntidoteScheduler) createPod(sc ot.SpanContext, ep *models.LiveEndpoint
 // rather have it and not need it vs the reverse. Provided the new flavor model works, this can be removed
 // as an option after a while.
 case models.FlavorLegacy:
- t := false
 pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
- Privileged: &t,
- AllowPrivilegeEscalation: &t,
+ Privileged: &f,
+ AllowPrivilegeEscalation: &f,
 Capabilities: &corev1.Capabilities{
 Add: []corev1.Capability{
 "NET_ADMIN",
@@ -188,11 +190,9 @@ func (s *AntidoteScheduler) createPod(sc ot.SpanContext, ep *models.LiveEndpoint
 }
 
 default:
-
- t := false
 pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
- Privileged: &t,
- AllowPrivilegeEscalation: &t,
+ Privileged: &f,
+ AllowPrivilegeEscalation: &f,
 Capabilities: &corev1.Capabilities{
 Add: []corev1.Capability{
 "NET_ADMIN",
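Review bot: In the first hunk the hoisted `t` and `f` are function-scoped, and each branch stores the address of the same variable in both `Privileged` and `AllowPrivilegeEscalation`, so the two fields alias one bool. A later write through either pointer would silently change the other security setting as well. Giving each field its own value avoids that, for example with a small helper `func boolPtr(b bool) *bool { return &b }` used as `Privileged: boolPtr(true)`. The empty line that replaces `t := true` also leaves a blank first line in the `case models.FlavorTrusted:` body and can be dropped. createPod starts and ends outside the hunk, so whether anything mutates these pointers later is not visible here.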
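Review bot: In the third hunk the `default:` branch still adds `NET_ADMIN` for any flavor value not matched by an earlier case, so a misspelled or newly introduced flavor gets a network-admin capability instead of the least-privileged context. Consider failing closed for unrecognised flavors: keep `Privileged: &f` and `AllowPrivilegeEscalation: &f` but leave `Capabilities.Add` empty, or reject the flavor outright if createPod's signature allows returning an error (not visible here). A short comment such as `// unknown flavor: unprivileged, but NET_ADMIN is still granted for backward compatibility` would at least record the choice if it is deliberate. The visible lines of this branch match the `models.FlavorLegacy` case in the second hunk; if the rest matches too, a shared helper would stop the two from drifting apart. The capability list continues past the end of the hunk.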