Merge pull request #1173 from runcom/fix-cve

Add /proc/scsi to masked paths
This commit is contained in:
Mrunal Patel 2017-11-22 05:35:33 -10:00 committed by GitHub
commit 7508cdeace
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -889,6 +889,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
"/proc/timer_list", "/proc/timer_list",
"/proc/timer_stats", "/proc/timer_stats",
"/proc/sched_debug", "/proc/sched_debug",
"/proc/scsi",
"/sys/firmware", "/sys/firmware",
} { } {
specgen.AddLinuxMaskedPaths(mp) specgen.AddLinuxMaskedPaths(mp)