summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pkg/spec/spec.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 33c9fd6f3..0371b6d4d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -132,6 +132,9 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
Options: []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"},
}
g.AddMount(sysMnt)
+ if !config.Privileged && isRootless {
+ g.AddLinuxMaskedPaths("/sys/kernel")
+ }
}
if isRootless {
nGids, err := getAvailableGids()
@@ -500,7 +503,6 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
"/proc/scsi",
"/sys/firmware",
"/sys/fs/selinux",
- "/sys/kernel",
} {
g.AddLinuxMaskedPaths(mp)
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-01 12:34:31 +0000