aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-07-13 15:52:20 -0400
committerMatthew Heon <matthew.heon@pm.me>2020-07-22 14:35:30 -0400
commit800595a0a325e841d5888a33e3114c20c944d9b4 (patch)
tree305eea9e812d6536b1d0a8348c1e08687e12fb7d /pkg
parent0030dd3f75aa2f5877fa599a325f19b9e4140209 (diff)
downloadpodman-800595a0a325e841d5888a33e3114c20c944d9b4.tar.gz
podman-800595a0a325e841d5888a33e3114c20c944d9b4.tar.bz2
podman-800595a0a325e841d5888a33e3114c20c944d9b4.zip
Mask out /sys/dev to prevent information leak from the host
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/specgen/generate/config_linux.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 5d928cc5d..e445e6f0c 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -161,6 +161,7 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.
"/proc/scsi",
"/sys/firmware",
"/sys/fs/selinux",
+ "/sys/dev",
} {
g.AddLinuxMaskedPaths(mp)
}