author | Daniel J Walsh <dwalsh@redhat.com> | 2018-07-06 06:41:24 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-07-06 17:29:35 +0000 |
commit | aaab26fd0ce812f78ef72b94d921439e7f9d9d6a (patch) | |
tree | b4c6715ba32adaa883306633a87246a35abf0d21 | |
parent | 6092955783180b332b1a1b3c857e509ee1ccb284 (diff) | |
Block use of /proc/acpi from inside containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1053
Approved by: mheon
-rw-r--r-- | pkg/spec/spec.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index f9c60fdfa..0842908f8 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -285,6 +285,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
 if !config.Privileged {
 for _, mp := range []string{
+ "/proc/acpi",
 "/proc/kcore",
 "/proc/latency_stats",
 "/proc/timer_list", |
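Review bot: The path list in blockAccessToKernelFilesystems gains `"/proc/acpi"` with no comment saying why these paths are withheld, and the commit message gives no reason either, so a later cleanup could drop the entry without noticing the host exposure it closes. I would add a comment above the `for _, mp := range []string{` line, for example `// Host kernel interfaces that must not be reachable from an unprivileged container.` The `!config.Privileged` guard means privileged containers still see /proc/acpi, which is presumably intended but worth stating in that same comment. A regression test asserting that the spec generated for a non-privileged config covers /proc/acpi would protect the entry; the function body continues outside the hunk, so how each path is applied is not visible here.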