From 6054985f872f7d50b9c7a98faac77a0a6fde672b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 13 Jul 2020 15:52:20 -0400
Subject: Mask out /sys/dev to prevent information leak from the host
Signed-off-by: Daniel J Walsh
---
 pkg/specgen/generate/config_linux.go | 1 +
 1 file changed, 1 insertion(+)
(limited to 'pkg')
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index b2d79f01b..9b6bd2827 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -150,6 +150,7 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.
 "/proc/scsi",
 "/sys/firmware",
 "/sys/fs/selinux",
+ "/sys/dev",
 } {
 g.AddLinuxMaskedPaths(mp)
 }
-- cgit v1.2.3-54-g00ecf
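Review bot: The new `"/sys/dev",` entry has no comment saying what it hides, and the commit message only says "information leak from the host", so a later maintainer cannot tell why this path is masked or whether related paths were considered. /sys/dev holds the block/ and char/ major:minor symlinks that point into /sys/devices, and trees such as /sys/devices, /sys/block and /sys/class do not appear in the visible part of the list, so the same host device inventory may still be readable through them; it is worth confirming that this is intended. I would add a line comment above the entry, for example `// /sys/dev: major:minor index of host block and char devices`, and a test asserting that the generated spec's masked paths contain `/sys/dev`. The list literal and the rest of BlockAccessToKernelFilesystems start outside the hunk, so whether the privileged case skips this loop cannot be checked from here.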