From 5a8e5a2b17bf63df143b9c564b3c2b2883b4c455 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 7 Jul 2018 05:38:20 -0400 Subject: Mask /proc/keys to protect information leak about keys on host Signed-off-by: Daniel J Walsh Closes: #1060 Approved by: mheon
---
 pkg/spec/spec.go | 1 + 1 file changed, 1 insertion(+) (limited to 'pkg/spec/spec.go')
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 0842908f8..dc23c129c 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -287,6 +287,7 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
 for _, mp := range []string{
 "/proc/acpi",
 "/proc/kcore",
+ "/proc/keys",
 "/proc/latency_stats",
 "/proc/timer_list",
 "/proc/timer_stats",
-- cgit v1.2.3-54-g00ecf
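Review bot: The new `"/proc/keys"` entry in the masked-path slice covers only one of the two procfs views of the kernel keyring; `/proc/key-users`, which reports per-UID key counts and quotas, is not in the visible part of the list, so it is worth checking whether it should be masked too (the slice and the body of blockAccessToKernelFilesystems continue outside the hunk, so it may already be handled there). Masking the procfs file also does not restrict the keyring syscalls themselves, so this entry should be read together with whatever seccomp policy the container receives, which is not visible here. The rationale currently lives only in the commit message; a short comment above the entry would keep it with the code, e.g. `// kernel keyring listing; masked so host key metadata is not readable from the container`. A test asserting that the generated spec's masked paths include `/proc/keys` would keep the entry from being dropped silently in a later refactor.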