diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2020-07-13 15:52:20 -0400 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2020-07-22 14:35:30 -0400 |
commit | 800595a0a325e841d5888a33e3114c20c944d9b4 (patch) | |
tree | 305eea9e812d6536b1d0a8348c1e08687e12fb7d | |
parent | 0030dd3f75aa2f5877fa599a325f19b9e4140209 (diff) | |
download | podman-800595a0a325e841d5888a33e3114c20c944d9b4.tar.gz podman-800595a0a325e841d5888a33e3114c20c944d9b4.tar.bz2 podman-800595a0a325e841d5888a33e3114c20c944d9b4.zip |
Mask out /sys/dev to prevent information leak from the host
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- | pkg/specgen/generate/config_linux.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go index 5d928cc5d..e445e6f0c 100644 --- a/pkg/specgen/generate/config_linux.go +++ b/pkg/specgen/generate/config_linux.go @@ -161,6 +161,7 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate. "/proc/scsi", "/sys/firmware", "/sys/fs/selinux", + "/sys/dev", } { g.AddLinuxMaskedPaths(mp) } |