Skip to content

Commit

Permalink
oci/defaults_linux.go: mask /sys/firmware
Browse files Browse the repository at this point in the history 
On typical x86_64 machines, /sys/firmware can contain SMBIOS and ACPI tables.
There is no need to expose the directory to containers.

Signed-off-by: Akihiro Suda <[email protected]>
  • Loading branch information
@AkihiroSuda
AkihiroSuda committed Oct 12, 2016
1 parent 9bd8c1d commit 8b1772c
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions oci/defaults_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ func DefaultSpec() specs.Spec {
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/sys/firmware",
},
ReadonlyPaths: []string{
"/proc/asound",
Expand Down

0 comments on commit 8b1772c

Please sign in to comment.