author: Daniel J Walsh <dwalsh@redhat.com> 2018-07-07 05:38:20 -0400
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-07-08 13:38:20 +0000
commit: 5a8e5a2b17bf63df143b9c564b3c2b2883b4c455 (patch)
tree: 8a6bf5d8da398fb1771f28774967f83042c622f4 /pkg/spec
parent: 0660108e3e06c9d935f27561eea78d892ba7b3e3 (diff)
Mask /proc/keys to protect information leak about keys on host

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1060
Approved by: mheon
Diffstat (limited to 'pkg/spec')
-rw-r--r-- pkg/spec/spec.go 1
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 0842908f8..dc23c129c 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -287,6 +287,7 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
for _, mp := range []string{
"/proc/acpi",
"/proc/kcore",
+ "/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
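Review bot: The new "/proc/keys" entry in the path list of blockAccessToKernelFilesystems has no comment saying why it is blocked, so the reason (the file exposes information about keys on the host) lives only in the commit message. A short comment on that line, or one above the list stating the criterion for inclusion, would help the next person who edits the list judge whether an entry can be dropped or a related path should be added. The diffstat for pkg/spec shows only this one-line change, so nothing here checks that the entry reaches the generated spec; a test asserting that "/proc/keys" is present in the generator's output for a default container would guard against the line being lost in a later refactor. The function also takes config, and the hunk does not show when the loop is skipped, so the commit message would be clearer if it said which container modes do not get this protection.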