diff options
-rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 33c9fd6f3..0371b6d4d 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -132,6 +132,9 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint Options: []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"}, } g.AddMount(sysMnt) + if !config.Privileged && isRootless { + g.AddLinuxMaskedPaths("/sys/kernel") + } } if isRootless { nGids, err := getAvailableGids() @@ -500,7 +503,6 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) "/proc/scsi", "/sys/firmware", "/sys/fs/selinux", - "/sys/kernel", } { g.AddLinuxMaskedPaths(mp) } |