From aaab26fd0ce812f78ef72b94d921439e7f9d9d6a Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 6 Jul 2018 06:41:24 -0400
Subject: Block use of /proc/acpi from inside containers
Signed-off-by: Daniel J Walsh
Closes: #1053
Approved by: mheon
---
 pkg/spec/spec.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index f9c60fdfa..0842908f8 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -285,6 +285,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
 if !config.Privileged {
 for _, mp := range []string{
+ "/proc/acpi",
 "/proc/kcore",
 "/proc/latency_stats",
 "/proc/timer_list",
-- 
cgit v1.2.3-54-g00ecf
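Review bot: The new `"/proc/acpi"` entry in the `[]string{...}` literal has no comment saying why it is blocked, and nothing in this commit pins it with a test, so a later cleanup of the list could drop it without anyone noticing. I would add a comment above the literal such as `// Host kernel interfaces hidden from unprivileged containers; /proc/acpi exposes host ACPI state and controls.` The surrounding `if !config.Privileged` guard means privileged containers still see the path; that is presumably intended, but the function's doc comment should say so. A small unit test that builds a non-privileged `CreateConfig` and asserts `/proc/acpi` appears in the generated spec would keep this from regressing. The rest of the list and the loop body lie outside the hunk, so how each path is applied (presumably as a masked path on the generator) cannot be confirmed from here.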