github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #125970 from carlory/sync-masked-path-from-moby

Browse Source 
defaultMaskedPaths must be kept in sync with moby/moby
This commit is contained in:
Kubernetes Prow Robot
2024-07-09 07:10:14 -07:00
committed by GitHub
parent 42064e03c5 f0c2afa19f
commit bb089b9374
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/securitycontext/util.go
View File

@@ -188,7 +188,7 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
var ( var (
// These *must* be kept in sync with moby/moby. // These *must* be kept in sync with moby/moby.
// https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123 // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L124
// @jessfraz will watch changes to those files upstream. // @jessfraz will watch changes to those files upstream.
defaultMaskedPaths = []string{ defaultMaskedPaths = []string{
"/proc/asound", "/proc/asound",
@@ -201,6 +201,7 @@ var (
"/proc/sched_debug", "/proc/sched_debug",
"/proc/scsi", "/proc/scsi",
"/sys/firmware", "/sys/firmware",
"/sys/devices/virtual/powercap",
} }
defaultReadonlyPaths = []string{ defaultReadonlyPaths = []string{
"/proc/bus", "/proc/bus",