author | Daniel J Walsh <dwalsh@redhat.com> | 2018-07-07 05:38:20 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-07-08 13:38:20 +0000 |
commit | 5a8e5a2b17bf63df143b9c564b3c2b2883b4c455 (patch) | |
tree | 8a6bf5d8da398fb1771f28774967f83042c622f4 /pkg/spec | |
parent | 0660108e3e06c9d935f27561eea78d892ba7b3e3 (diff) | |
Mask /proc/keys to protect information leak about keys on host
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1060
Approved by: mheon
Diffstat (limited to 'pkg/spec')
-rw-r--r-- | pkg/spec/spec.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 0842908f8..dc23c129c 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -287,6 +287,7 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
 for _, mp := range []string{
 "/proc/acpi",
 "/proc/kcore",
+ "/proc/keys",
 "/proc/latency_stats",
 "/proc/timer_list",
 "/proc/timer_stats", |
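Review bot: The new `"/proc/keys"` entry has no comment saying why it is masked, and the reason is not evident from the path next to `/proc/kcore` and the timer files. A short line above it would keep the rationale from the commit message in the code, for example `// /proc/keys lists kernel keyring entries; mask it so key details from the host are not readable inside the container`. The loop body that consumes this list, and the rest of blockAccessToKernelFilesystems, lie outside the hunk, so whether the mask is skipped for some container configurations cannot be confirmed from here. Since the diffstat shows a single inserted line, a test asserting that `/proc/keys` appears among the masked paths of the generated spec would guard against the entry being dropped in a later refactor.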