From fe64b06a6d13e354f4a64b1f2f901e872ab055d8 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Fri, 6 Jul 2018 18:46:45 +0200
Subject: [PATCH] Add /proc/keys to masked paths

This leaks information about keyrings on the host. Keyrings are not namespaced.

Signed-off-by: Sebastiaan van Stijn
---
 oci/spec_unix.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/oci/spec_unix.go b/oci/spec_unix.go
index 433e4735a..f8d8524dd 100644
--- a/oci/spec_unix.go
+++ b/oci/spec_unix.go
@@ -155,6 +155,7 @@ func createDefaultSpec(ctx context.Context, id string) (*Spec, error) {
 MaskedPaths: []string{
 "/proc/acpi",
 "/proc/kcore",
+ "/proc/keys",
 "/proc/latency_stats",
 "/proc/timer_list",
 "/proc/timer_stats",
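Review bot: The new `"/proc/keys"` entry in `MaskedPaths` carries no comment, so the reason it is masked lives only in the commit message; a line above it such as `// keyrings are not namespaced, so /proc/keys exposes host keyring information` would keep that rationale in the source. Masking the file only hides the listing and does not isolate keyrings, so the protection still depends on the keyctl-family syscalls being restricted elsewhere, presumably by the seccomp profile, which is not visible in this hunk. The related `/proc/key-users` file does not appear in the visible part of the list and may be worth checking for the same reason. `createDefaultSpec` starts and ends outside the hunk, so entries further down the list cannot be seen from here.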