diff options
| author | Justin Cormack <justin.cormack@docker.com> | 2018-02-21 16:23:34 +0000 |
|---|---|---|
| committer | Justin Cormack <justin.cormack@docker.com> | 2018-02-21 16:23:34 +0000 |
| commit | de23cb939858a66829d5b75057c7ac664c5acda5 (patch) | |
| tree | 458d98dcfcc16524f0b703f9c38886cf1441d0b1 /oci | |
| parent | 0076343b29f508a5deb06861c0d85748659f8881 (diff) | |
| download | docker-de23cb939858a66829d5b75057c7ac664c5acda5.tar.gz | |
Add /proc/keys to masked paths
This leaks information about keyrings on the host. Keyrings are
not namespaced.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Diffstat (limited to 'oci')
| -rw-r--r-- | oci/defaults.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/oci/defaults.go b/oci/defaults.go index 578da3a81b..4145412dd4 100644 --- a/oci/defaults.go +++ b/oci/defaults.go @@ -115,6 +115,7 @@ func DefaultLinuxSpec() specs.Spec { s.Linux = &specs.Linux{ MaskedPaths: []string{ "/proc/kcore", + "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", |