containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6957 from rhatdan/sysdev 

Mask out /sys/dev to prevent information leak from the host
This commit is contained in:
OpenShift Merge Robot 2020-07-14 22:49:48 +02:00 committed by GitHub
parent f4edfe8430 6054985f87
commit c4843d4e9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/specgen/generate/config_linux.go
View File

@ -150,6 +150,7 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.
"/proc/scsi", "/proc/scsi",
"/sys/firmware", "/sys/firmware",
"/sys/fs/selinux", "/sys/fs/selinux",
"/sys/dev",
} { } {
g.AddLinuxMaskedPaths(mp) g.AddLinuxMaskedPaths(mp)
} }