diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2020-07-13 15:52:20 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-07-14 13:16:56 -0400 |
commit | 6054985f872f7d50b9c7a98faac77a0a6fde672b (patch) | |
tree | 47659b4997213c84e100a6a455d788f9cab48c3b /pkg/specgen | |
parent | d83077b16c14b05967fa1f92c7067299367a286f (diff) | |
download | podman-6054985f872f7d50b9c7a98faac77a0a6fde672b.tar.gz podman-6054985f872f7d50b9c7a98faac77a0a6fde672b.tar.bz2 podman-6054985f872f7d50b9c7a98faac77a0a6fde672b.zip |
Mask out /sys/dev to prevent information leak from the host
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/specgen')
-rw-r--r-- | pkg/specgen/generate/config_linux.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go index b2d79f01b..9b6bd2827 100644 --- a/pkg/specgen/generate/config_linux.go +++ b/pkg/specgen/generate/config_linux.go @@ -150,6 +150,7 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate. "/proc/scsi", "/sys/firmware", "/sys/fs/selinux", + "/sys/dev", } { g.AddLinuxMaskedPaths(mp) } |