authorDaniel J Walsh <dwalsh@redhat.com>2018-07-06 06:41:24 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-07-06 17:29:35 +0000
commitaaab26fd0ce812f78ef72b94d921439e7f9d9d6a (patch)
treeb4c6715ba32adaa883306633a87246a35abf0d21
parent6092955783180b332b1a1b3c857e509ee1ccb284 (diff)
Block use of /proc/acpi from inside containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1053 Approved by: mheon
-rw-r--r--pkg/spec/spec.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index f9c60fdfa..0842908f8 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -285,6 +285,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
if !config.Privileged {
for _, mp := range []string{
+ "/proc/acpi",
"/proc/kcore",
"/proc/latency_stats",
"/proc/timer_list",
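Review bot: The added `"/proc/acpi"` entry joins an uncommented inline list, so nothing in `blockAccessToKernelFilesystems` records why these paths are hidden or what the list is meant to stay in sync with. I would add a comment above the `for`, along the lines of `// Host-global kernel interfaces under /proc that are not namespaced; hidden from non-privileged containers.` The visible `if !config.Privileged` guard means privileged containers still see `/proc/acpi`, which the function's doc comment should state explicitly. The loop body lies outside the hunk, so how each path is masked cannot be checked here. A unit test that builds the spec from a non-privileged `CreateConfig` and asserts `/proc/acpi` is covered would keep the entry from being dropped in a later refactor.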