github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add /proc/keys to masked paths

Browse Source 
This leaks information about keyrings on the host. Keyrings are
not namespaced.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2018-07-06 18:46:45 +02:00
parent 8b42adeddc
commit fe64b06a6d
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
oci/spec_unix.go
View File

@ -155,6 +155,7 @@ func createDefaultSpec(ctx context.Context, id string) (*Spec, error) {
MaskedPaths: []string{ MaskedPaths: []string{
"/proc/acpi", "/proc/acpi",
"/proc/kcore", "/proc/kcore",
"/proc/keys",
"/proc/latency_stats", "/proc/latency_stats",
"/proc/timer_list", "/proc/timer_list",
"/proc/timer_stats", "/proc/timer_stats",